Overview
- A cloud hack on the Paderborn photo service left its online galleries offline after attackers reportedly accessed company cloud accounts, downloaded photos and customer data, and deleted the originals.
- The Staatsanwaltschaft Köln’s cybercrime unit has opened an early-stage criminal investigation against unknown suspects and says many factual details remain unclear.
- Regional data-protection offices have begun receiving reports, with one state authority logging about 20–25 notifications so far and warning that school and kindergarten photos may be among the material taken.
- Portraitbox informed its photographer clients but not end customers because it acts as a data processor, and photographers as data controllers carry the legal duty to notify authorities and affected people under data-protection rules.
- Security experts and authorities note the absence of the files on public leak sites so far, a pattern consistent with extortion tactics, and warn the theft could have wide privacy and safety consequences for families and children.