DE: German BSI Provides Information Regarding Online Skimming at a Minimum of 1,000 Online Stores

In its press release, the German Federal Office for Information Security (BSI) provided information concerning online skimming affecting at least 1,000 German online stores that are based on the widely used Magento software. Although the Federal Office for Information Security pointed this out to the operators, very little seems to have been done.

The Federal Office for Information Security determined that many of the stores are running outdated versions of the software and that security updates or patches have not been widely applied. In its press release, the Federal Office for Information Security recommends that store operators who use Magento run the "MageReport" tool to identify any security gaps that need to be remedied. The Federal Office for Information Security also advises consumers to use MageReport to check an online store before using it.

In this context, the Federal Office for Information Security draws attention to the provision in Section 13 para. 7 of the German Telemedia Act (TMG), according to which operators of online stores or other telemedia services are obligated to protect the services and the infrastructure used for such services against attacks. The law makes it clear that these services must also be protected against personal data breaches.

This reference is important because this relatively new provision is still largely unknown. An infringement constitutes an administrative offense (Section 16 para. 2 sent. 3 TMG). There is a risk of a fine of up to 50,000 euros.

Responsibility for prosecution and for imposing the fine may vary between federal states. In North Rhine-Westphalia, for example, the state's officer for data protection and freedom of information is responsible (Section 2 of the German Telemedia Competency Act – TMZ-Gesetz).

According to information from the Federal Office for Information Security, there is currently no intention to send a list of the operators to the authorities responsible for administrative offenses.

Data protection officers and information security officers are therefore strongly advised to consider the safeguarding of telemedia services and to document the planned measures and the implementation thereof. Smaller store owners are advised to address the subject themselves or to commission experts to do so.


© 2012 - 2019 |  2B Advice LLC - the privacy benchmark