Austria's Ministry of the Interior (BMI) suffered a targeted and professional cyberattack resulting in the breach of 100 out of 60,000 government email accounts. While the exact type and volume of stolen data remain undisclosed, officials confirmed no Austrian personal data or law enforcement information was compromised. The attack was detected after IT operations identified irregularities in one of the ministry’s systems, prompting a disconnection of affected systems from the internet for cleanup. Backup communication measures were implemented to maintain operations with law enforcement. The investigation, led by Austria’s Federal Criminal Police Office and public prosecutor, is ongoing, with no attribution yet to a specific hacking group or nation-state. The BMI emphasized that police operations were unaffected, though some services remain disrupted. The attack aligns with broader trends of state-backed cyberespionage, particularly from actors like China, which has targeted government email systems via vulnerabilities in platforms like Microsoft Exchange Server. The breach follows recent warnings from the Five Eyes alliance about global espionage campaigns, including those by the Chinese group Salt Typhoon, which compromised telecom firms in over 80 countries.
Source: https://www.bankinfosecurity.com/austrias-interior-ministry-sees-100-email-accounts-breached-a-29340
TPRM report: https://www.rankiteo.com/company/innenministerium
"id": "inn900090225",
"linkid": "innenministerium",
"type": "Breach",
"date": "9/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '100 email account holders '
'(internal)',
'industry': 'Public Security',
'location': 'Vienna, Austria',
'name': "Austria's Ministry of the Interior (BMI)",
'type': 'Government Agency'}],
'data_breach': {'data_exfiltration': 'Confirmed (unspecified quantity)',
'personally_identifiable_information': 'None',
'sensitivity_of_data': ['Non-personal', 'Non-law enforcement'],
'type_of_data_compromised': ['Unspecified government data']},
'description': 'The Austrian Ministry of the Interior (BMI) disclosed a '
'targeted and professional cyberattack that breached '
'approximately 100 out of 60,000 government email accounts. '
'The attack, detected several weeks prior, led to unauthorized '
"access to the BMI's mail server and theft of unspecified "
'data. No Austrian personal data or law enforcement '
'information was compromised. The ministry disconnected '
'affected systems for cleanup and is conducting an '
'investigation with the Federal Criminal Police Office and '
'public prosecutor’s office. The attack vector remains under '
'investigation, though nation-state actors (e.g., China, '
'Russia) are suspected based on broader trends in '
'government-targeted cyberespionage.',
'impact': {'brand_reputation_impact': ['Potential reputational risk due to '
'nation-state attack suspicion'],
'data_compromised': ['Unspecified government data (non-personal, '
'non-law enforcement)'],
'downtime': ['Partial disruption of services (ongoing '
'restoration)'],
'identity_theft_risk': 'None (no personal data compromised)',
'operational_impact': ['Backup communication measures implemented',
'Police operations unaffected'],
'payment_information_risk': 'None',
'systems_affected': ['BMI mail server',
'100 email accounts (out of 60,000)']},
'initial_access_broker': {'high_value_targets': ['Government email accounts']},
'investigation_status': 'Ongoing (led by Federal Criminal Police Office and '
'public prosecutor’s office)',
'motivation': ['Espionage', 'Cyberwarfare'],
'references': [{'source': 'Information Security Media Group (ISMG)'},
{'source': 'Wikimedia Commons (Image: Palais Modena)',
'url': 'https://commons.wikimedia.org'},
{'source': 'Five Eyes Intelligence Alliance Warning on Salt '
'Typhoon (Chinese state-backed group)'},
{'source': 'Dutch Military Intelligence Report on Chinese '
'Cyberespionage'}],
'regulatory_compliance': {'legal_actions': ['Investigation by Federal '
'Criminal Police Office and '
'public prosecutor’s office']},
'response': {'communication_strategy': ['Press briefing by Interior Minister '
'Gerhard Karner',
'Notifications to affected '
'accountholders'],
'containment_measures': ['Disconnected affected systems from the '
'internet',
'Comprehensive cleanup of IT systems'],
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (internal and external '
'coordination)',
'recovery_measures': ['Backup communication measures for '
'internal and law enforcement '
'coordination'],
'remediation_measures': ['Ongoing investigations into attack '
'vectors',
'System restoration'],
'third_party_assistance': ['Federal Criminal Police Office '
'(cybercrime center)',
'Public prosecutor’s office']},
'stakeholder_advisories': ['Notifications to affected accountholders'],
'title': "Austria's Interior Ministry Email Accounts Breach",
'type': ['Cyberwarfare',
'Nation-State Attack',
'Data Breach',
'Unauthorized Access']}