The BSI, Germany’s cyber security defence agency, is now on the defence following a breach that affected Germany’s politicians including Angela Merkel.
On Friday, we brought you news that a security breach had occurred. The breach affected German politicians and celebrities. The breach also impacted various other members of the establishment including journalists and celebrities. On top of it all, the breach impacted German chancellor Angela Merkel.
Many politicians in Germany are no doubt asking what billions have asked following a security incident: how could this happen to me? Of course, being lawmakers, those questions are going to carry a lot more weight as they have more power to do something about it.
Of course, the fact that the breach occurred in the first place is causing many to ask questions over what happened in the first place. Some of those questions are being directed at the BSI, Germany’s cyber security defence agency.
The agency said that it was already aware of a few individual cases related to the breach. They suggest that they were operating under the idea that the individuals affected were single incidences and in no way connected. Unfortunately, they were wrong. When the whole data set became public, that’s when the agency said that they realized that a major breach took place. They suggest that prior to the release of the data set, there was no way to tell that the cases were linked in the first place.
From Reuters:
The BSI said in a statement that it was contacted by a lawmaker in early December about suspicious activity on their private email and social media accounts.
“Only by becoming aware of the release of the data sets via the Twitter account ‘G0d’ on Jan. 3, 2019, could the BSI in a further analysis on Jan. 4, 2019 connect this case and four other cases that the BSI became aware of during 2018,” it said.
“At the beginning of December 2018, it was not foreseeable that there would be more cases.”
The BSI said on Friday all but one of the seven parties in the lower house had been affected. German media said that party was the right-wing Alternative for Germany (AfD).
Some are now asking whether or not the security establishment had a lapse in security or if there are currently deficiencies in the system. Politicians are now contemplating regulation to further tighten security requirements of software and various platforms operating within the country as well.
Some might wonder more broadly if more can be done in the European union. Of course, Europe has already brought into force the General Data Protection Regulation (GDPR) back in June. So, as it stands now, heavy fines can be levied against online platforms who fail to adequately protect their users private information. Those fines, of course, do have teeth because they take a percentage of global revenue from the company itself. So, it’s unclear what more can be done other than refining that law itself.
Still, a fair question to be asking right now is if this breach is finally the breaking point. After billions of people have been affected by breaches, could this breach bring about legal change to finally address the problem of securing private information? As of now, there does appear to be political movement to find solutions. Whether or not that translates into any real change remains to be seen.
Drew Wilson on Twitter: @icecube85 and Google+.