A criminal cyber attack on our CAS operating infrastructure has partially disrupted our operations. Our security mechanisms were activated immediately and far-reaching protective measures were taken. The attack also included a sustained denial-of-service attack on our website cas.de. However, we were able to fend off this attack quickly and the website is available again as usual.
We are currently investigating the attack in detail together with our service provider, which is listed on the APT service provider list from the German Federal Office for Information Security (BSI). Our investigative approach follows the BSI guidelines for such incidents and, of course, emergency plans and security measures were activated promptly.
Our data centers for central standard product hosting, such as product configurators, SmartWe and CAS Communities, were not affected. All systems continue to operate without disruption and there are no indications of unauthorized access.
We would like to emphasize that there are no indications that any of our product features could have contributed to this situation. Furthermore, the operation of CAS solutions by you as a customer and by our partners is not affected by this. However, you may have noticed that there are some restrictions, for example, in the use of online help and address services.
Should you have any questions or concerns you can contact us via the usual communication channels such as e-mail and telephone.
Be assured that we are doing everything in our power to fully clarify this incident and ensure that our operations and services return to their usual reliable state as soon as possible.
We thank you for your trust and understanding during these exceptional circumstances.
Yours sincerely,
Your CAS Software AG team
11/21/2024 Update on the cyber attack on CAS Software AG
We would like to inform you about current developments following the criminal cyber attack on our CAS operating infrastructure.
On November 21, the criminals posted a file on the darknet that may contain stolen content. We currently have no knowledge of what data this file might contain. As the download from the darknet is very slow, we will only be able to obtain information about this content in the next few days. As soon as we have the information, we will inform any affected persons or companies in accordance with legal requirements.
We work together closely with the investigating authorities. Please understand that we are unable to provide any further information at this time due to the ongoing investigations.
Furthermore, we recommend that all internet users should always be careful with unknown email attachments and phishing emails and follow the BSI's recommendations for handling passwords.
As a precaution, we would like to point out that downloading such data is a criminal offence and that the file could also contain malicious code. We do everything we can to clear up the incident completely as soon as possible.
We thank you for your trust and understanding in this special situation.
Your CAS Software AG team
12/06/2024: Update on measures and information for those affected
CAS company databases partially affected by the attack
In our most recent investigations, we found that parts of the CAS corporate databases were indeed successfully attacked, compromised and in some cases stolen by the attackers. In accordance with Article 34 of the GDPR, we have started to inform the affected individuals and companies about the potential impact.
Our data centers for central standard product hosting such as product configurators, SmartWe and CAS Communities were not affected. These systems continue to operate without disruption and there are no indications of unauthorized access.
The operation of CAS solutions at our customers was also unaffected. There were restrictions here, for example, in the use of online help and address enrichment services.
We inform and warn our customers in the latest CRM news about current recommendations from renowned experts to improve cyber security. Please also share this information within your company.
We deeply regret the situation that has arisen and continue to work closely with the relevant data protection and criminal authorities to investigate the incidents and identify the perpetrators.
At the same time, we have further tightened our security measures to prevent future attacks. This includes technical improvements such as the “hardening” of our IT infrastructure as well as training and raising the awareness of our employees in order to establish a common cyber security mindset.
Thank you for your understanding and support. We remain at your disposal should you have any questions.
Yours sincerely,
Your CAS Software AG team
Do you have any questions?
We are happy to help you.
Our press team will be happy to answer any questions you may have.
Press team
Tel: +49 721 9638-782