In accordance with the applicable data protection regulations (Art. 34 General Data Protection Regulation, GDPR), ICMPD is obligated to inform all individuals whose data has been affected by the incident.
In the past years and months, you participated in activities conducted by ICMPD such as studies, workshops, study visits, conferences etc. and provided personal information in this context. Due to the still ongoing forensic analysis, we cannot yet provide a final assessment of all data affected by the incident. From what we are able to assess so far the stolen data include:
Personal information as for instance full names, addresses, phone numbers, citizenship, emergency contacts etc.
- Personal information as for instance full names, addresses, phone numbers, citizenship, emergency contacts etc.
- Copies of proof of identity (e.g. passport or ID cards)
- (anonymised) Interview/Questionnaire
- Video/Voice recordings
- if applicable, refugee status
- if applicable, employment/medical information
It must be assumed that the attackers will try to publish or sell at least parts of the stolen data.
Possible offences related to the misuse of personal data might include:
- Acts of fraud (e.g. online orders, online sales, etc.) or deception (e.g. creation of websites with the obtained personal information) using the stolen data
- Registration of accounts for the purpose of carrying out criminal acts online using the stolen data
- Use of stolen data to spread fake news or disinformation campaigns (e.g. creation of false social media accounts etc.)
- Direct blackmail or threats of the concerned individuals
ICMPD is currently not aware of any data leaks or misuse of stolen data; the situation is of course constantly monitored in coordination with the competent authorities. Should you have any further questions, please get in touch with firstname.lastname@example.org.
We apologise for any inconvenience resulting from this cyber-attack, and thank you for your understanding.
ICMPD Cyber Incident Response Team