Data Leak in Sachsen-Anhalt Government After Software Upgrade: 750 Records Exposed

by Anika Shah - Technology
0 comments

Data Breach in Saxony-Anhalt: Software Migration Triggers Privacy Concerns

A software migration to the SAP-based “HKR” financial and administrative system in Saxony-Anhalt resulted in a confirmed data breach involving 750 records, according to the state’s Ministry of Finance. The exposed information included names, addresses, and banking details linked to travel expense reports. While the Ministry maintains the incident was isolated, internal reports and legislative critiques suggest a more extensive vulnerability within the state’s digital infrastructure.

Scope of the SAP System Breach

Scope of the SAP System Breach

The breach surfaced following the state’s transition to the new HKR software earlier this year. According to the State Commissioner for Data Protection, Christina Rost, her office received a formal report in mid-January regarding unauthorized visibility of sensitive personal data.

“The ministry reported an incident to us in mid-January. The subject of the report was an identified viewing authorization for addresses and bank details for travel expense settlements within the HKR system,” Rost confirmed. While the official count stands at 750 affected datasets, multiple state employees have reported to [MDR AKTUELL](https://www.mdr.de/nachrichten/sachsen-anhalt/landesverwaltung-datenschutz-panne-software-100.html) that the actual number of exposed records—including private citizen banking information—may be significantly higher.

Transparency and Legislative Oversight

The handling of the data leak has drawn sharp criticism from opposition members in the state parliament. Kristin Heiß, a member of the Left Party (Die Linke), has accused the Ministry of Finance of employing “salami tactics”—a strategy of releasing information in small, controlled increments rather than providing a full disclosure.

Heiß noted that when she submitted a formal inquiry regarding potential data protection issues, the Ministry characterized the problems as isolated incidents without disclosing the 750 records already reported to the Data Protection Commissioner. This lack of transparency has raised concerns regarding the state’s accountability during major IT transitions.

Systemic Challenges in Public Sector IT

Systemic Challenges in Public Sector IT

The issues in Saxony-Anhalt are not unique; they reflect a broader trend of complications during public sector digital transformations across Germany. Recent high-profile SAP implementation challenges include:

* Gesellschaft für Internationale Zusammenarbeit (GIZ): Experienced temporary disruptions in payment processing, as reported by [Die Welt](https://www.welt.de/).
* Saxony: The state’s fine collection office (Bußgeldstelle) was forced to halt dunning procedures due to software-related failures.
* Fraunhofer-Institut: Faced significant operational difficulties and cost overruns following a major software migration.

Status of the Data Security Gap

Status of the Data Security Gap

As of June 2026, investigations into the full extent of the vulnerability remain ongoing. While the Ministry of Finance asserts that the identified issues are being addressed, reports suggest that the data gap has only been partially closed. The State Commissioner for Data Protection has not received further formal reports, though the discrepancy between official figures and internal accounts continues to fuel public debate.

Key Facts Regarding the Incident

  • System Involved: HKR (SAP-based financial and administrative software).
  • Data Exposed: Names, addresses, and banking information.
  • Official Impact: 750 datasets confirmed by the Ministry of Finance.
  • Allegations: Opposition lawmakers claim the Ministry withheld information regarding the true scale of the breach.

Moving forward, the effectiveness of the state’s oversight will depend on whether the Ministry of Finance can provide a comprehensive audit of the HKR system. The incident serves as a reminder of the risks inherent in large-scale administrative software migrations and the critical importance of transparent communication when sensitive citizen data is at risk.

Related Posts

Leave a Comment