The infection was detected by anti-virus software alerts. By opening an email with malicious content, Emotet was able to spread further. As a result, a total of 25 computers in different areas were infected. All affected computers were localized, immediately disconnected from the network and reinstalled. In this context, various services were also temporarily shut down completely, which severely restricted work.
It was possible to mitigate the effects. However, the infection of the IT system constitutes a data breach that must be reported under data protection law.
The District Office has already complied with its obligation to notify the State Commissioner for Data Protection and Freedom of Information.
The District Office also has a duty to inform citizens that their personal data sent by email may also have fallen into the wrong hands. Personal data means any information relating to an identified or identifiable natural person.
For example, a person is or can be identified by
- Names and addresses
- contact details, such as e-mail addresses
- textual content of emails
- information in email attachments
We ask you to pay particular attention when you receive e-mails from employees of the District Council Office. This is how you can protect yourself:
- by critically checking the sender of an e-mail,
- by checking dubious e-mails and deleting them in case of doubt,
- by not opening any attachments, in particular file attachments in .doc or .xls format and by not clicking on any links contained in e-mails if the sender is not absolutely trustworthy,
- by immediately reporting any damage to the data protection officer of the district office(datenschutzbeauftragter[at]landkreis-ludwigsburg.de).
Of the total of around 1800 computers at the district office, 25 were actually affected.
