Overview
- The Federal Public Prosecutor in Karlsruhe confirmed an investigation into suspected secret‑service agent activity and declined to provide further details.
- The breach occurred in spring 2024 shortly before the European elections, with data from Friedrich Merz’s calendar and a large volume of his emails stolen.
- The party’s central membership database was compromised and temporarily shut down, putting data on roughly 363,000 members at risk and prompting a surge in phishing attempts.
- Technical reports indicate attackers exploited a zero‑day in Check Point access systems used by the CDU, a vulnerability that also affected other organizations even as the broader scope remains unclear.
- Earlier media pointed to a possible China lead that has not been confirmed, while the BSI and domestic intelligence handled mitigation and characterized the methods as those of a highly professional actor.