Two German federal ministers have been confirmed as victims of a sophisticated phishing campaign targeting users of the Signal messaging app, according to multiple verified reports. The attacks, which began in early 2026, have compromised the accounts of high-ranking officials across government, military, diplomacy, and journalism sectors, raising serious concerns about espionage and data security.
Education Minister Karin Prien of the Christian Democratic Union (CDU) and Housing Minister Verena Hubertz of the Social Democratic Party (SPD) are among those whose Signal accounts were breached, as reported by Der Spiegel and confirmed through subsequent investigations. The breach was achieved through deceptive messages impersonating Signal support, tricking users into revealing verification codes that granted attackers full access to message histories, contact lists, and group chats.
The Federal Prosecutor’s Office has launched an investigation into the incident on suspicion of espionage, citing the sensitive nature of the information potentially exposed. Officials warn that attackers could now access not only private conversations but also contextual data from group discussions involving party strategy, legislative planning, and international diplomacy.
Bundestagspräsidentin Julia Klöckner was previously identified as a victim in mid-April 2026, with reports indicating her compromised account may have exposed communications involving Chancellor Friedrich Merz, who is also her party leader. Although Merz’s own Signal account showed no signs of compromise, investigators noted he had been personally briefed by the Federal Office for the Protection of the Constitution regarding the threat.
The scope of the breach extends beyond individual accounts. Security officials estimate that hundreds of individuals connected to the Bundestag and federal ministries may have been affected, though exact numbers remain unconfirmed. The SPD has acknowledged that “a few” of its parliamentary members were impacted, while other parties have either declined to comment or stated they have no knowledge of such incidents within their ranks.
Signal, widely regarded as one of the most secure messaging platforms due to its end-to-end encryption, has been exploited not through a flaw in its protocol but via social engineering. Attackers sent fake alerts claiming unauthorized login attempts, urging recipients to re-verify their identity using a code. Once entered, this code allowed attackers to link a new device to the victim’s account, enabling silent interception of all future messages.
Experts emphasize that while Signal’s encryption protects message content in transit, it does not defend against credential theft or device-level compromise. The incident underscores the growing sophistication of phishing campaigns targeting high-value individuals, particularly those in positions of political influence.
The Federal Office for Information Security (BSI) has issued guidance urging all public officials to enable registration lock features within Signal, verify safety numbers with contacts regularly, and remain vigilant against unsolicited verification requests. Officials also recommend using separate, dedicated devices for sensitive communications where feasible.
As of late April 2026, the Federal Prosecutor’s Office continues to assess whether the breach constitutes a threat to national security. No arrests have been made, and the origin of the attacks remains under investigation, though early indicators point to possible foreign intelligence involvement.
For updates on the investigation, the public is encouraged to monitor official statements from the Federal Prosecutor’s Office and the Federal Office for the Protection of the Constitution. Further advisories from the BSI on securing personal communication channels are expected in the coming weeks.
This incident serves as a stark reminder that even the most secure tools can be undermined by human vulnerability. In an era of persistent cyber threats, vigilance and layered security practices remain essential for protecting democratic institutions and national interests.
Stay informed, stay secure, and consider reviewing your own digital hygiene practices — because in today’s interconnected world, the strength of our systems depends not only on technology, but on the awareness of those who utilize them.