Information about the cyber attack on the Museum für Naturkunde Berlin

Notification in accordance with Art. 34 GDPR

Information about the type of data protection incident

During a cyber attack in October 2023, part of the museum's data was copied and stolen by the attackers, including personal data. Parts of the stolen data were published by the attackers on 4 December 2023. The relevant files were downloaded and analyzed by our forensic service provider in a secure environment. It turned out that personal data was also affected by the attack.

The affected data of our visitors and business partners is primarily names and contact details such as email addresses. Unfortunately, data from PayPal transactions – but not passwords to PayPal accounts – are also affected.

We still have no evidence that data subjects have been materially harmed or suffered disadvantages that go beyond the acquisition and publication of their personal data. 

Countermeasures taken

As part of dealing with the cyber attack, we have set up a crisis team. We also work closely with our internal data protection officer and a law firm specializing in data protection law. After the cyber attack became known, we contacted the State Criminal Police Office (LKA) and the Federal Office for Information Security (BSI). We reported the incident as well as new findings and developments to the state data protection officer.

We are also having our entire IT infrastructure fully inspected by specialized forensic experts and are working on the gradual reconstruction of our IT systems. We report on the current status on our website.

Possible consequences of the data protection incident and proposed protective measures

The stolen data is very extensive and includes a variety of different data, which is why we cannot provide any further information about the potential consequences of the hacker attack for individual affected persons. We have now, as far as possible, individually notified people about whom sensitive data has been published and will continue to do so in the future if we become aware of such publications.

Regardless, as always, you should be vigilant about suspicious activity around you. For example, the following points should be taken into account:

  • Pay attention to whether emails or SMS come from trustworthy senders or whether they could be phishing, for example. The same applies to contact attempts via other means.
  • Only open attachments and links from senders you trust. If you have any doubts about whether you can trust the sender, verify the sender's identity. Do not use the contact details contained in the email or SMS in question.
  • Be particularly careful with emails or other contact attempts that ask you to provide login details or other personal information.
  • Regularly update your operating system, use antivirus programs and update them regularly.
  • Use different passwords for different accounts. Change your passwords if, for example, you notice suspicious activity or a login does not work.
  • Regularly check your account transactions for unauthorized payment transactions. If payment flows not authorized by you take place, contact your bank immediately and, if necessary, have the account in question blocked.
  • If you see any suspicious activity, inform the police and file a report.

Further information on how you should behave if data is lost can be found in the BSI's checklists.

At this point we would like to emphasize again that we are not aware of any cases in which affected persons suffered material damage as a result of the cyber attack. We will inform you about further developments and findings on our website.

Further development

Of course, we will continue to keep you up to date on current developments and findings via our website.

Updated on 11 March 2024