165 gigabytes on the darknet

An attack straight out of a hacker movie: the cyber gang "Warlock" reports from the underground and claims to have broken into the HR software provider Infoniqa - with a hefty haul: a whole 165 gigabytes of internal and sensitive data are said to have been stolen. This allegedly includes financial data, CRM systems, employee information - and particularly explosive: the HR database, i.e. precisely the information that Infoniqa manages on behalf of companies about their employees.

The data cannot yet be viewed, but the threat of publication is looming. Evidence? None so far. But the panic is there.

Infoniqa admits: Yes, there was a data outflow

Infoniqa has since confirmed the attack. According to the company, the cyber incident occurred on the night of August 4, 2025. The hackers used a zero-day vulnerability in Microsoft Sharepoint to penetrate the system - in other words, a vulnerability that Microsoft had not even closed at the time.

The company emphasizes that only one segment of the network was affected. The good news: not all 30,000 customers need to worry. The bad news: 300 companies in Austria had to be informed. Germany and Switzerland were not affected - at least according to the official statement.

Is that true? This cannot yet be independently verified. This is because the gang has not yet published any evidence of the claimed amount of data - 165 gigabytes after all. No data sample, no directory structure, nothing.

No ransom payment - so the data ends up on the darknet?

Apparently, Infoniqa was asked to pay. However, the company decided against paying a ransom - an ethically and legally understandable step, but one that could have consequences: The hackers now want to sell the data on the darknet.

Meanwhile, Infoniqa remains professional and explains that it is working with the authorities, has informed affected customers and is relying on measures such as system hardening, network segmentation and customer support. External IT forensic experts are also being deployed. Motto: "Thoroughness before speed."

Nevertheless, according to Infoniqa, all systems should be up and running again just eight days after the attack, on August 12 - with the exception of the "ONE Start Cloud", for which customers will have to switch to an alternative.

Trust is at stake here

An HR service provider is hacked - and suddenly sensitive employee data is floating around on the darknet? This is not a nightmare, it's reality. This is not about a few Excel spreadsheets - anyone who entrusts their HR data to a service provider must be able to rely on this data being secure. Period.

And when phrases like "only 1% of customers are affected" are used, it seems like a placebo against the real catastrophe: The enemy was in the system - and took advantage of it. The investigation must be transparent, consistent and public. And not just for the customers affected, but for everyone who has entrusted Infoniqa with their data. When personnel files become a commodity, data protection is more than just a paragraph - it's a matter of getting down to business.