Skip to main content

Information about the cyber attack on the Museum für Naturkunde Berlin

MfN Fassade

Notification in accordance with Art. 34 GDPR

Information about the type of data protection incident

During a cyber attack in October 2023, part of the museum's data was copied and stolen by the attackers, including personal data. Parts of the stolen data were published by the attackers on 4 December 2023. The analysis of the cyber attack and the investigation into which data was affected will probably take some time. We currently do not know whether it will be possible to obtain further information about the leaked data. According to the current state of knowledge, we cannot rule out the possibility that some of our contacts' and partners' data may have been compromised.

The stolen data was not encrypted, i.e. all data is still available to us. 

Countermeasures taken

We have set up a crisis team and are working closely with the State Criminal Police Office (LKA), the Federal Office for Information Security (BSI), our internal Data Protection Officer and a law firm specializing in data protection law. We reported the incident to the Berlin State Data Protection Officer. Since then, we have regularly reported new findings and developments to the Berlin State Data Protection Officer.

We also subject our entire IT infrastructure to a complete inspection by specialized forensic experts. Afterwards, we will gradually rebuild the IT infrastructure. We are not yet able to say exactly when this will be the case. We will report on the current status on our website on an ongoing basis.

Possible consequences of the data protection incident and proposed protective measures

Analysis of the published data is currently underway. If possible, we will contact people whose particularly sensitive data has been published directly and inform them as soon as we become aware of such publications.

Regardless, as always, you should be vigilant about suspicious activity around you. For example, the following points should be taken into account:

  • Pay attention to whether emails or SMS come from trustworthy senders or whether they could be phishing, for example. The same applies to contacting us via other means.
  • Only open attachments and links from senders you trust. If you have any doubts about whether you can trust the sender, verify the sender's identity. Do not use the contact details contained in the email or SMS in question.
  • Be particularly careful with emails or other attempts to contact us that ask you to provide login details or other personal information.
  • Regularly update your operating system, use antivirus programs and update them regularly.
  • Use different passwords for different accounts. Change your passwords if, for example, you notice suspicious activity or a login does not work.
  • Regularly check your account transactions for unauthorized payment transactions. If payment flows not authorized by you take place, contact your bank immediately and, if necessary, have the account in question blocked.
  • If you see any suspicious activity, inform the police and file a report.

We are not aware of any cases in which affected individuals suffered material damage as a result of the cyber attack. We will inform you about further developments and findings on our website.

Further development

Almost every day there is new information and developments that arise in the course of the analysis and require a reassessment of the overall situation and the measures taken. We will keep you up to date on current developments and findings via our website.

Updated on 11 January 2024