Cyberattackers: Many user accounts of unemployed people have been hacked, and new account details have been entered so that further payments can be redirected to the attackers' accounts. The problem: MFA is still not mandatory.
The Federal Employment Agency (BA) emphasizes in its announcement that its systems are not affected by the hacks, but rather customers' accounts. However, the agency is reacting and is now restricting the use of the BA's online accounts. Customers cannot currently change their address and account details in the eServices online themselves. This is due to unauthorized third parties accessing customers' private devices. Therefore, a "technical maintenance page" is currently set up on all online accounts of the Federal Employment Agency (BA) regarding personal data.
BA: Digital applications restricted
The hacking of customer accounts affects all customers. As a result, certain online benefits cannot currently be applied for. This can currently only be done in person through the job centers. The Federal Employment Agency (BA) has noticed the increasing number of changes and deactivated hundreds of identified online profiles. The login credentials were obtained via compromised private devices. According to current information, no payments have been made.
Multi-factor authentication only recommended
The Federal Employment Agency (BA) continues to recommend protecting accounts with multi-factor authentication, but does not require it. In addition to the passkey procedure, customers can also log in and authenticate themselves on the online portal using their BundID. BundID enables particularly secure access to the digital administrative services of the BA and the Family Benefits Office through the use of the eID function and the Elster certificate.
