Information on the IT security incident affecting the ConVista Group
The IT systems of the ConVista Group were the target of a deliberate hacker attack in October 2022 that exploited a zero-day vulnerability. The forensic analysis of the IT security incident is still ongoing.
The attackers had gained wide-ranging access to the IT systems at administrator level and thus also to the processed (personal) data.
The visible effects of the attack are:
- extensive encryption of data by ransomware
- a low-volume data leak from the Exchange Server
Immediate measures taken
A crisis management team, supported by specialized external IT forensic experts, was assigned to investigate the incident. The affected systems were isolated (physically disconnected from all networks). The entire ConVista network was disconnected from the internet. All active systems and clients have been and are still being scanned with the latest antivirus software capable of detecting the known infections.
A complaint was filed with the police and the incident was reported to the relevant regulatory authorities as well as to the Federal Cyber Security Authority (BSI).
Consequences from the IT security incident for those who have been affected
The data encrypted by the ransomware has not been available since 10.10.2022. The data has been restored successively from backups; in some cases, restoring is imminent. Data loss is not expected to occur or will be limited to a very low level. Therefore, no increased risk results from the unavailability.
The current findings from the forensic analysis indicate that the data outflow from the Exchange Server involves a low volume. It is not possible to assess which data is affected by the data outflow. Nevertheless, it must be assumed that data exchanged with external persons or organizations was also leaked without authorization. Naturally, this may also include personal data. Information obtained from leaked e-mail correspondence could be used, for example, for individually customized phishing attacks or social engineering against affected individuals.
Due to the range of access by the attackers, other personal data of our business partners, applicants, (former) employees and suppliers as well as other persons stored on IT systems of the ConVista Group are also potentially affected; for example, the following categories of data:
- Contact data
- Means of payment
- Communication details
- Project contents
- Personnel files
There is currently no knowledge of a data outflow beyond the low-volume outflow from the Exchange Server; however, such an outflow cannot be excluded.
Recommendations for mitigating negative effects
As a precautionary measure, we recommend that you be particularly vigilant in the near future, both in your business and private life. Pay increased attention to unusual events that indicate alleged activities on your behalf or the use of insider knowledge about you - e.g., contact from unknown persons with insider knowledge, requests to hand over (access) data or change bank account details, or suspicious movements on your means of payment.
We have set up a temporary e-mail address for contact purposes. Please use this for your queries. The e-mails received will be forwarded internally to the responsible contact person.
The address is: info(at)convista.onmicrosoft.com.
We apologize for any disadvantages you may have suffered due to the cyber-attack.
We have drawn consequences from the incident. Our IT infrastructure has been rebuilt even more securely and is now also subject to extensive live monitoring.
Your management of the ConVista Group