Cyberattack on Welthungerhilfe
This page was last updated on: 14.08.2025
We would like to inform you with the greatest possible transparency about a security incident that has affected Welthungerhilfe. You have likely seen in the news that hacker attacks targeting companies, public authorities, and organizations are becoming increasingly frequent — and are carried out with a high level of professionalism and precision.
Despite our high security standards, Welthungerhilfe has been the target of a criminal cyberattack, involving unauthorized access to our IT systems. Our IT team detected the incident immediately and initiated comprehensive countermeasures. Since then, we have been working closely with the relevant authorities and external IT experts who specialize in such cases.
On this page, we aim to provide answers to any questions you may have. If you have any questions, feel free to contact us by phone at 0228-2288176 or by email at spenden(at)welthungerhilfe.de.
What happened?
Welthungerhilfe was the target of a criminal cyberattack.
Despite our high security standards, the attackers were able to gain access to parts of our servers, where they accessed, encrypted, and in some cases stole stored data. The attack was carried out using what is known as “ransomware.”
As the investigation progressed, it became clear that personal data of some of our supporters was also affected. Unfortunately, we were unable to narrow down the exact group of affected persons whose data was leaked.
Since July 7, 2025, it has been kown that the hackers published the stolen data on the darknet.
How did we respond?
As soon as the attack was detected, we took immediate action: the affected systems were shut down right away, and external IT experts specialized in such cases were brought in. We informed the relevant data protection authority, involved our data protection officer, and reported the incident to the police. We continue to maintain close communication with both authorities. In addition, we have further strengthened the security of our systems by implementing additional technical safeguards.
Since the security incident, we have been working intensively to repair the damage and analyze which data was accessed.
Despite our high security standards, the attackers were able to gain access to parts of our servers, where they accessed, encrypted, and in some cases stole stored data.
Unfortunately, we were unable to narrow down the exact group of affected persons whose data was leaked.
What personal data is affected?
Despite our high security standards, the attackers were able to gain access to parts of our servers, where they accessed, encrypted, and in some cases stole stored data.
The following personal data could potentially be affected, provided we received this information from you in the past:
- Name, address, date of birth, email address, Phone number
- Payment data: IBAN/BIC or the email address linked to your PayPal account.
- Welthungerhilfe does not receive your online banking or PayPal passwords, nor do we store full credit card numbers. These details are not saved in our systems and are therefore not affected.
- Donation amounts
Unfortunately, we were unable to narrow down the exact group of affected persons whose data was leaked.
What does this mean for you?
Despite our high security standards, the attackers were able to gain access to parts of our servers, where they accessed, encrypted, and in some cases stole stored data.
Unfortunately, we were unable to narrow down the exact group of affected persons whose data was leaked.
In light of this, we kindly ask you to remain especially vigilant in the coming weeks. There is a possibility that your data could be misused for fraudulent purposes (e.g. phishing) or for unwanted marketing contact. We recommend the following precautions:
- Be cautious of unusual emails, phone calls, or payment requests.
- Delete suspicious emails from unknown senders and do not open any links or attachments unless you trust the source.
- Be alert to notifications about logins or changes to your account details with services you did not initiate.
- Check your bank account statements regularly. Direct debit transactions can usually be reclaimed by your bank within 8 weeks, unauthorized direct debit transactions even up to 13 months. If you notice anything unusual, contact your bank immediately.
The following website of the Federal Office for Information Security (BSI) contains additional useful information on the topic of identity theft: Identity theft via data leaks and doxing
Were donation funds stolen?
No, no donation funds were stolen. Our bank accounts were not affected by the cyberattack. All donations received by us remain secure and will continue to be used for their intended project purposes.
What does this mean for our project work?
Our work in project countries continues without interruption. We remain committed to supporting the people who rely on our assistance. In light of the many humanitarian crises around the world, our work is more important than ever.
Which project-related data is affected?
Despite high security standards, the attackers succeeded in gaining access to parts of our servers, encrypting the stored data, and in some cases stealing it. Based on our reconstruction, we assess the risk to our project work as low. The affected project information mostly originates from earlier periods and does not contain confidential personal data.
