Big Direk Gesund identified unauthorized access to a restricted area of their servers they started a review of their entire IT system immediately after this incident.
Data was also obtained during access and some of it was also withdrawn, it was discovered during the study of a potential data outflow.
In order to understand the situation and come up with ways to limit the spread of the released material as much as possible, the organisation worked together with outside experts, law enforcement officials, data protection authorities, and the Federal Office for Information Security.
They have taken this issue very seriously and have taken advantage of it to thoroughly evaluate their security procedures and put new security measures in place.
Source: https://www.big-direkt.de/de/information-zum-unautorisierten-zugriff-auf-die-big-vom-28032023
TPRM report: https://scoringcyber.rankiteo.com/company/big-gesundheit-die-direktkrankenkasse
"id": "big135330723",
"linkid": "big-gesundheit-die-direktkrankenkasse",
"type": "Data Leak",
"date": "05/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'name': 'Big Direk Gesund', 'type': 'Company'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'data_exfiltration': True},
'description': 'Big Direk Gesund identified unauthorized access to a '
'restricted area of their servers. Data was obtained and some '
'of it was withdrawn. The organization worked with outside '
'experts, law enforcement, data protection authorities, and '
'the Federal Office for Information Security to understand the '
'situation and limit the spread of the released material. They '
'thoroughly evaluated their security procedures and '
'implemented new security measures.',
'impact': {'data_compromised': True},
'lessons_learned': 'The organization thoroughly evaluated their security '
'procedures and implemented new security measures.',
'regulatory_compliance': {'regulatory_notifications': True},
'response': {'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': True,
'third_party_assistance': True},
'title': 'Unauthorized Access and Data Breach at Big Direk Gesund',
'type': 'Data Breach'}