Last week, it was announced that during December 2018 almost one thousand German public figures, including journalists and a number of prominent politicians including the Chancellor and President, were the subject of one of Germany’s largest data breaches. The leaked data included contacts, private chats, credit card details and other financial details of figures from many of the major German political parties. The German interior ministry have since stated that there is no evidence that government systems or data have been compromised in the cyberattack.On 8 January 2019, a 20 year-old man was arrested in connection with the cyberattack; it has been reported that he was able to access such a large amount of data since the data subjects affected did not use sophisticated passwords.
The German cybersecurity authority (the Federal Office for Information Security) has been criticised for its handling of the cyberattack and resultant data breach and for not informing the police in a timely manner. Responding to the data breach, Horst Seehofer, the German interior minister, has announced that he intends to propose a new IT security law, a draft of which may be presented to the German cabinet within the coming months. It remains to be seen what the contents of the draft bill are, but its very existence is a sign of the increasing importance European governments are placing on cyber and data security.