The California Office of the Attorney General disclosed a data breach affecting ZEG – Berlin Center for Epidemiology and Health Research GMBH in November 2020, originating from a cyber incident detected on July 7, 2020. The breach was triggered by malicious code discovered on certain servers, compromising sensitive personal information. The exposed data included names and social security numbers, though the full scope of the breach such as the exact number of affected individuals or whether the data was exfiltrated was not explicitly detailed in the report. Given the nature of the compromised information, the incident poses significant risks, including identity theft, financial fraud, or targeted phishing attacks against the victims. As a research institution handling health-related data, the breach also raises concerns about regulatory non-compliance (e.g., GDPR or HIPAA-like protections) and potential reputational damage due to the failure to safeguard highly sensitive records. The presence of malicious code suggests an external cyber attack, though the exact attack vector (e.g., unpatched vulnerability, credential theft) remains undisclosed.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-196531
TPRM report: https://www.rankiteo.com/company/zeg-berlin
"id": "zeg1015090725",
"linkid": "zeg-berlin",
"type": "Cyber Attack",
"date": "7/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare/Research',
'location': 'Berlin, Germany',
'name': 'ZEG – Berlin Center for Epidemiology and '
'Health Research GMBH',
'type': 'Research Organization'}],
'data_breach': {'personally_identifiable_information': ['names',
'social security '
'numbers'],
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['personal information']},
'date_detected': '2020-07-07',
'date_publicly_disclosed': '2020-11-25',
'description': 'The California Office of the Attorney General reported a data '
'breach involving ZEG – Berlin Center for Epidemiology and '
'Health Research GMBH on November 25, 2020. The breach '
'occurred on July 7, 2020, due to the discovery of malicious '
'code on certain servers, potentially involving personal '
'information such as names and social security numbers.',
'impact': {'data_compromised': ['names', 'social security numbers'],
'identity_theft_risk': 'potential',
'systems_affected': ['certain servers']},
'post_incident_analysis': {'root_causes': ['malicious code on servers']},
'references': [{'date_accessed': '2020-11-25',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Data Breach at ZEG – Berlin Center for Epidemiology and Health '
'Research GMBH',
'type': 'Data Breach'}