Private data stolen from hundreds of German politicians, including Chancellor Angela Merkel, have been released online, the government said Friday.
The information, which comprised home addresses, mobile phone numbers, letters, invoices and copies of identity documents, was published via Twitter in December but inexplicably only came to light this week.
It was not immediately clear whether the officials were targeted by hackers or were the victims of an internal leak.
“Personal data and documents belonging to hundreds of politicians and public figures were published on the internet,” government spokeswoman Martina Fietz told reporters, confirming that Merkel was one of them.
“The government is taking this incident very seriously.”
Among those affected were members of the Bundestag lower house of parliament, and the European Parliament, as well as those from regional and local assemblies, she said.
Deputies from all parties represented in the Bundestag were affected, as well as President Frank-Walter Steinmeier.
But Fietz said a preliminary investigation indicated that “no sensitive information or data” from Merkel’s office had been leaked.
Berlin’s political establishment reacted with alarm.
“Whoever is behind this wants to damage faith in our democracy and its institutions,” Justice Minister Katarina Barley said in a statement.
Beyond politicians, the leak also exposed the private data of celebrities and journalists.
The daily Bild and public broadcaster RBB first reported the leak.
Bild said it was not clear when the data theft began but said it continued until the end of October.
“At first glance, it does not seem that politically sensitive material was included,” RBB said.
“However the damage is likely to be massive given the volume of personal data published.”
‘Satire and irony’
Fietz said the amount of Merkel’s data that was exposed was “not excessive” but warned that some of the documents and information published might be faked.
Given the vast range of data hoovered up, RBB said it seemed unlikely that it was taken from a single source.
Parliamentary group leaders were notified of the attack late Thursday and the Federal Office for Information Security and the domestic intelligence service said they were investigating.
“According to our current information, government networks have not been targeted,” BSI tweeted.
The Twitter account @_0rbit published the links every day last month, along the lines of an advent calendar with each link to new information hidden behind a “door”.
The account, which calls itself God, was opened in mid-2017 and purportedly has more than 18,000 followers.
It described its activities as “security researching”, “artist” and “satire and irony” and said it was based in Hamburg.
A link to Merkel’s data showed two email addresses used by the chancellor, a fax number and letters apparently written by her and to her.
By midday Friday, Twitter had suspended the account.
Last year, the domestic intelligence service, the Office for the Protection of the Constitution, said there had been repeated cyberattacks against MPs, the military and several embassies that were allegedly carried out by Russian internet espionage group “Snake”.
Also known as “Turla” or “Uruburos”, the group — which targets state departments and embassies worldwide — is believed to have links to Russian intelligence.
Last March, computer networks belonging to the German government came under sustained attack and data from foreign ministry staff were stolen.
At the time, Moscow denied that Russian hackers were involved.