German cyber defense agency defends handling of data breach despite outrage


Germany's cyber defense agency (BSI) on Saturday defended its role in responding to a far-reaching data breach, saying it could not have connected individual cases it was aware of last year until the entire data release became public.

The government said on Friday that personal data and documents from hundreds of German politicians and public figures including Chancellor Angela Merkel had been published online, in what appeared to be one of Germany's biggest data breaches.

The incident has shocked the establishment and prompted calls for security agencies to clarify whether any security deficiencies they were aware of had been exploited, and if they could have acted sooner to head off the breach.

The BSI said in a statement that it was contacted by a lawmaker in early December about suspicious activity on private email and social media accounts. "Everybody assumed it was an isolated case," the agency had announced. "Only by becoming aware of the release of the data sets via the Twitter account 'G0d' on Jan. 3, 2019, could the BSI in a further analysis on Jan. 4, 2019, connect this case and four other cases that the BSI became aware of during 2018," it said. "At the beginning of December 2018, it was not foreseeable that there would be more cases."

The BSI said on Friday all but one of the seven parties in the lower house had been affected. German media said that party was the right-wing Alternative for Germany (AfD).

Arne Schönbohm, the head of the BSI, also said Friday that the agency had spoken to "lawmakers" affected by the breach in early December, prompting outrage among other victims of the data breach, who assumed that the BSI had already known of it and did not inform them, possibly for security reasons.

"I am outraged that I am learning about the data leak from the media, even though I am a member of the parliament's Intelligence Oversight Committee and Home Affairs Committee," Left party lawmaker Andre Hahn told the media group Redaktionsnetzwerk on Saturday. Conservative politicians substantially criticized the BSI as well. One member of the Christian Democrats, Günter Krings, said that "the obligation of the federal government to inform parliament also applied between Christmas and New Year," according to the Rheinische Post newspaper.

Social Democrats [SPD] General Secretary Lars Klingbeil demanded immediate explanations as to "which authority knew what and when, and what was the response."

"It is outrageous that stolen data was present for days on the Internet and the competent authority did nothing to inform and protect those affected," Bundestag Vice President Thomas Oppermann of the SPD told Bild am Sonntag newspaper, adding that there were "obviously serious shortcomings in the coordination of the security authorities."

Last year, lawmakers said a powerful cyberattack had breached the foreign ministry's computer network. Security officials have blamed most previous breaches of data security on a Russian hacking group, while the Kremlin has consistently denied involvement in such incidents; to this day the claims that the Russian government was involved remain unsubstantiated. After the latest data breach, Justice Minister Katarina Barley said she was considering stricter security requirements for software makers and internet platform operators. "We are examining the extent to which stricter legal provisions are useful and necessary here," she told weekly newspaper Welt am Sonntag.

Authorities were investigating all possibilities, including espionage, one government source said on Friday, adding that it was unlikely any single person could have compiled the massive amounts of data that had been released. The BSI said investigations so far had shown the data breaches predominantly concerned private and personal accounts, but that it is responsible for the operational protection of government networks.