Dresden, 07.04.2025. On Saturday, 29 March 2025, a cloud server of Spectos GmbH was compromised by a targeted cyber attack. The attacker(s) gained unauthorised access to data storage within the cloud infrastructure via a secondary system. Personal data of two customers was collected and, according to current knowledge, published on the so-called Darknet.
Forensic analysis results
The analysis revealed that the attacker used a vulnerability in a secondary server to gain access to various storage areas in the cloud infrastructure. Access to the main systems was successfully prevented.
The data that has been collected to date includes:
- Name, email address, postal address
There is no evidence to date of misuse of the data concerned by third parties.
Reports to the authorities
Spectos GmbH has informed all the relevant authorities in accordance with the applicable legal requirements:
- The Saxon Data Protection and Transparency Officer (pursuant to Art. 33 GDPR)
- The German Federal Office for Information Security (BSI)
- The Information Commissioner’s Office (ICO) in the United Kingdom
A criminal complaint against unknown persons has been filed with the State Office of Criminal Investigation.
In addition, the customers directly affected were informed immediately and individually in accordance with Art. 34 GDPR.
Measures for restoration and stabilisation
‘We take this incident very seriously and deeply regret that a successful attack was able to take place despite our existing security structures. The security of the data entrusted to us is our top priority. We have immediately taken all necessary measures to protect the affected systems, to identify the cause and to permanently increase our security standards,’ said Ringo Großer, CIO of Spectos GmbH.
The following measures were specifically implemented:
- Immediate shutdown of affected servers
- Complete access restriction for compromised systems
- Change of all access data, password and key rotation
- Deletion of all administrative user accounts
- Restoration of systems from verified backups
- Installation of security-critical patches
- Introduction of a security information and event management (SIEM) system
- Hardening of the cloud infrastructure & penetration tests
- Revision of the IAM structure with minimal rights assignment
- Sensitisation and awareness training for all employees
- Training of system administrators
- Establishment of continuous external monitoring
Operational recovery – current status
On 7 April 2025, after all security checks had been completed and in close coordination with the relevant authorities, the Spectos services were restarted in a controlled manner. The systems are in a stable, hardened operating state. No further activities by the attacker have been detected since.
For more information and ongoing updates, please visit our website: www.spectos.com/news
If you have any questions, please contact:
Ringo Großer, CIO
Email: dataprotection@spectos.com