Information on the cybersecurity incident of April 2023

In April 2023, the Anton Paar Group was the target of a cyberattack. To protect our systems and data, we immediately took most of our systems and services offline worldwide. We are working, as the utmost priority, to get our IT systems operational again. We are fully cooperating and supporting authorities and law enforcement with their investigation.

The cyber security incident led in some cases to unauthorized disclosure of personal information. Affected persons were promptly informed by the Anton Paar Group.

You may find answers to your questions in the FAQ section below. In case of very urgent questions that cannot be postponed, please send an email to gdpr[at]anton-paar.com.

Frequently Asked Questions

In April 2023, a cyber security incident occurred at the Anton Paar Group. To help you assess if and how you or your company might have been affected by this attack, please read the FAQ section below. This FAQ section is based on thorough analyses of the incident with the help of external cybersecurity experts and represents the best current knowledge.

How was the attack performed?
The attack was a ransomware attack initiated over phishing emails received on April 6, 2023. Anton Paar Group employees received a reply-chain email with a PDF attachment. The attachment contained a link to a ZIP file. Clicking on the link leads to installation of a WSF file. Up to April 19, 2023, a small, random selection (less than 1.3%) of files was extracted from our file system and our internal network was scanned for vulnerabilities. Data from other systems such as ERP or CRM were not accessible to unauthorized third parties, nor did data from these other systems reach third parties. Finally, on April 19, 2023, the group encrypted about 10% of our internal PCs and servers.

Why have many systems / services of Anton Paar been offline?
We took our systems offline as soon as we noticed the incident, as a precautionary measure. We have restored many business-critical systems already and are working, as the utmost priority, to get the rest operational again.

I have exchanged emails with Anton Paar after April 6. Should I be concerned?
No. We shut down our mail service as a precautionary measure ourselves and are working to make it fully available again.

I have downloaded data from the Anton Paar website after April 6. Should I be concerned?
No. Our website has not been targeted. We have shut down these services as a precautionary measure ourselves and are working to make them fully available again.

Are my personal data or data of my company affected?
In general, data of business partners is stored in separate, encrypted systems that were not the target of the attack. However, on some occasions, copies of such data were stored on our file system as well, of which a small fraction was extracted by unauthorized third parties. If we find that any personal data of business partners is affected, we will actively and directly notify the persons concerned.

Who is responsible for the processing of personal data?
Your contractual partner in your country is responsible for the processing of personal data. Please direct questions to: gdpr[at]anton-paar.com. Your contact person is Birgit Gruber.

I have received an invoice from Anton Paar. What should I do?
In general, such incidents increase the risk of follow-up criminal activity, where copycat operators try to exploit limited communication abilities. Please double check the payment information on your invoice. In case of doubt, verify it against your records, or by directly contacting your local Anton Paar representative.

Are the instruments and products of Anton Paar affected? Should we be concerned?
No. Our instruments are as safe to operate as they were before the incident.

We had a visit from an Anton Paar service engineer recently. Is there anything to consider?
No. The tools and methods used by our service engineers are as safe as they were before the incident.

We have scheduled a service visit or an installation in the near future. Is there anything to consider?
No. The tools and methods used by our service engineers are as safe as they were before the incident. However, we kindly apologize for any inconvenience caused in case a service visit or installation has had to be rescheduled or is rescheduled in the days and weeks to come. Quality and safety are our highest priority, and we are working hard to keep the impact for our valued customers as small as possible.

Which technical-organizational measures did Anton Paar take after the cyber security incident?

  • Heightening of security settings regarding incoming and outgoing emails
  • Information and updated guidelines for employees about handling suspicious emails
  • Ongoing information for employees about phishing attacks
  • Obligation to inform IT department if suspicious emails are in the inbox of employees
  • Assignment of external security experts to monitor the clear/dark web regarding data from Anton Paar
  • Further restrictions on remote access tools
  • Further restrictions on macros/scripts
  • Further restrictions on the use of USB ports

Further measures are being prepared and will be applied.