IT security incident at ZOiS
Following a cyberattack on our file servers, we are currently investigating the circumstances and the potential scope of a data breach. Here, we provide information about the risks and the measures we have taken.
What happened?
On June 10, we learned that ZOiS had been the target of a cyberattack. Based on the information currently available, attackers gained access to our file servers at least once in the past. They had access to the files stored there. It is not possible to determine with absolute certainty the extent to which files were actually stolen or exactly which data was affected. The perpetrators of the attack are not yet known. As far as we know, our email servers were not affected by this attack.
What does this mean for you?
If we have stored data relating to you on our file server, it is possible that your personal data has been affected by this IT security incident. Unfortunately, we cannot rule out the possibility that the attackers have shared or leaked this data, or that this could still happen.
We are aware that this may pose an additional risk to politically exposed persons and their family members. In this context, we would like to point out that ZOiS has been listed as an undesirable organization in Russia since October 2023: https://www.zois-berlin.de/en/about-us/news/archive-2023/russia-has-declared-zois-an-undesirable-organisation-1.
Against this backdrop, Russian citizens who collaborate with us or have collaborated with us since then may face criminal prosecution by the Russian authorities. Regardless of this, the risk of phishing attacks is significantly increased for all those affected.
There is also an increased risk that the data stored with us will be used to create specific profiles of the affected individuals, which could then be exploited in the context of social engineering - for example, for further phishing attempts.
Furthermore, it cannot be entirely ruled out that attackers may attempt to initiate direct debits unnoticed using stored account information. You can dispute such unauthorized debits for up to 13 months.
What actions has ZOiS taken?
We have reported the incident to the relevant security authorities and are working with specialized service providers to conduct a forensic investigation of the incident and rule out the existence of any security vulnerabilities. The affected systems were temporarily taken offline, and all passwords were reset. In addition, we scanned the file servers and all devices with access to them for malware and removed it where necessary.
The incident was reported to the data protection authorities in the proper form and within the required timeframe. An external data protection officer is advising us on all matters related to data protection law.
What can you do?
Due to the risk of phishing attempts and social engineering, we strongly advise you to be particularly cautious when receiving and opening emails, to click only on trustworthy links, and to carefully verify the identity of the senders.
You should also check your bank transactions regularly so that unauthorized debits can be reversed in a timely manner.
If you have any questions, please contact the crisis response team established by ZOiS. You can reach us at krisenstab(at)zois-berlin(dot)de.
We deeply regret the difficulties caused by the attack.