Die Linke Confirms Data Stolen in Qilin Ransomware Attack

What happened

Die Linke confirmed that data was stolen in a ransomware attack claimed by the Qilin group after attackers gained access to the party’s internal IT systems. The party said the intrusion affected internal communications, administrative files, and personal data. According to the report, Qilin listed Die Linke on its leak site and claimed to have taken around 1.5 terabytes of data. The party said an initial review found no evidence that highly sensitive membership databases or donation records were affected, but it acknowledged that other internal data was compromised. Die Linke said it informed data protection authorities, involved law enforcement, and began notifying potentially affected individuals while working with external forensic specialists to investigate the full scope of the incident.

Who is affected

The direct exposure affects Die Linke and individuals whose personal data or internal communications were stored in the compromised systems. The party said the breach involved administrative and internal information, though it did not confirm exposure of its highly sensitive membership or donation databases.

Why CISOs should care

This incident matters because it involves a political organization handling internal communications and personal data, with the attackers also using a public leak site to pressure the victim. It also shows how early scoping after a ransomware attack may distinguish between confirmed compromised data and other highly sensitive systems that, at least initially, do not appear affected.

3 practical actions

  1. Separate confirmed exposure from critical-system assumptions: Move quickly to establish which datasets were actually accessed so leadership does not overstate or understate the scope of compromise.
  2. Prepare for leak-site pressure alongside incident response: Ensure legal, communications, and security teams are ready for situations where attackers publicly claim large-scale theft before the full internal review is complete.
  3. Prioritize notification and regulatory coordination early: Align forensic review with data protection and individual notification obligations as soon as personal data exposure is suspected.


John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.