On 29 March 2025, Spectos GmbH was the target of a cyber attack. In this FAQ, we transparently answer the most important questions regarding the incident, the measures taken and the current status. If there is any new information, this page will be updated.
What happened?
On Saturday, March 29, 2025, Spectos GmbH’s cloud server was compromised by a targeted cyber attack. The attacker or attackers gained unauthorised access to data storage within our cloud infrastructure via a secondary system.
Which data was affected?
As things stand, personal data from two customers has been intercepted and published on the so-called Darknet. We have informed these customers individually.
Has my data as a customer been compromised?
If you are directly affected as a customer of Spectos, we have already informed you individually. If you have not received a message, to our current knowledge, there is no indication of any compromise of your data.
How was the attack discovered?
The initial access took place on 29 March 2025. Further activities were detected on 2 April. The affected servers were shut down immediately and an external IT security service provider was commissioned to conduct the forensic analysis.
Have the authorities been informed?
Yes. We have made all the necessary reports promptly:
- To the Saxon Data Protection and Transparency Officer
- To the Federal Office for Information Security (BSI)
- The Information Commissioner’s Office (ICO) in the United Kingdom
- In addition, a criminal complaint has been filed against persons unknown with the State Office of Criminal Investigation.
What measures have been taken?
To ensure the long-term security of our systems, we have implemented the following measures, among others:
- Disconnection of affected servers and isolation of the cloud environment
- Change of all access data, deletion of administration accounts
- Restoration from secure backups
- Installation of current security patches
- Introduction of a SIEM system and regular monitoring
- Penetration tests & hardening of systems
- Revision of all access rights (IAM)
- Training and awareness training for employees
Are the systems up and running again?
Yes. After successfully implementing all protective measures, regular operations were resumed on 7 April 2025.
Were there any signs of misuse of the published data?
To our knowledge, there is no evidence of misuse of the published data. We continue to monitor relevant sources closely with the support of external security partners.
What happens next?
The security of the data entrusted to us is our top priority. We continue to analyse the incident in detail, continuously optimise our protective measures and ensure maximum transparency for customers, partners and authorities.
I have further questions – who can I contact?
Ringo Großer, CIOE-Mail: dataprotection@spectos.com
