Personal data and documents from hundreds of German politicians and public figures have been published online, the country’s government said on Friday, adding that no sensitive material from Chancellor Angela Merkel‘s office was released.
An Interior Ministry spokesman declined to confirm that the data breach, which triggered an emergency meeting of Germany‘s national cyber-defence body, was the result of a hack but, according to Bild newspaper, German authorities have asked the US National Security Agency (NSA) for help with investigations.
German media reported earlier that hackers had posted data, including credit card details and mobile phone numbers, with politicians from all major parties affected apart from the right-wing Alternative for Germany (AfD).
A number of celebrities outside the political sphere have also been affected, as well as journalists and musicians.
“Personal data and documents belonging to hundreds of politicians and public figures have been published online,” government spokeswoman Martina Fietz told a news conference, adding that politicians at the federal, state and European level had been affected.
Judging by an initial review, no sensitive information from the chancellery had been published, “and this includes [from] the chancellor,” she said.
However, Merkel’s fax number, email address and several letters to and from her were among the leaked data.
German public broadcaster ARD, which broke the story, said its journalists had so far not detected any incriminating content.
A defence ministry spokesman said the armed forces had not been affected by the breach.
“Whoever is behind this wants to damage faith in our democracy and its institutions,” Justice Minister Katarina Barley said in a statement.
The country’s cyber defence body BSI met early on Friday to coordinate the response of federal government agencies including the domestic and foreign intelligence agencies, a spokesman said.
Bild newspaper said the secure internal network of Germany’s government was not hit by the hackers, citing sources inside the BSI.
If the data release does stem from a hack, it would be the latest in a number of hi-tech assaults on Germany’s political institutions and key individuals.
In February, legislators said a powerful cyberattack breached the foreign ministry’s computer network.
Security officials have blamed most previous attacks on a Russian hacking group known as Fancy Bear or APT28, that experts say has close ties to a Russian spy agency.
Security experts have held the same group responsible for an attack before the 2016 US presidential election.
The Kremlin, responding to previous allegations of cyberattacks on foreign computer infrastructure, has denied any involvement and said the accusations are part of a Russophobic witch-hunt.
“This data breach of hundreds of German politicians is alarming, but at the same time it’s not surprising,” said Mike Hart at commercial cybersecurity firm FireEye told the Reuters news agency, citing previous hacks.
“It highlights the need for the government to take cybersecurity very seriously.”
ARD reported earlier that the data, which was published on a now-blocked Twitter account, included addresses, personal letter and copies of identity cards.
Links to the data appeared daily on the Twitter account in December in an advent calendar-style, but it was only noticed more recently.
The identity of the hackers and their motive were not known, the report said.
“Whoever is responsible wants to intimidate politicians. That will not succeed,” Lars Klingbeil, secretary-general of the centre-left Social Democrats, Merkel’s coalition partner, said.