The GESIS data catalogue was victim of a hacker attack at the weekend and is therefore temporarily deactivated. The hacker seems to have been able to download the database with the user data. The data protection supervisory authority and the police have been informed.
On Friday, December 13th, 2019, GESIS received a blackmail email stating that all user data had been downloaded from the website for the GESIS data catalogue. As proof, the blackmailer sent a few screenshots from the database in the attachment. For a payment of 1500 euros in bitcoins, GESIS was offered to "find a solution to your security problem together".
The registration database for the data catalogue and SowiDataNet / datorium was affected, the remaining GESIS web instances were also exposed to severe attacks, but these could be warded off.
GESIS, of course, did not comply with the request for “protection money” as an institute funded by the federal and state governments and switched off the database and activated the GESIS data protection officer. The repository Sowidatanet / datorium, which uses the same registration database, was also switched off.
About 75,000 users of our services are affected by the hack, who have registered there with their e-mail and first and last name, sometimes with their postal address, in order to obtain survey data from the GESIS archive for secondary analysis. All users are personally informed by GESIS. The investigation into the incident and other actions are ongoing.
We'll keep you up to date.