luxtimes.lu | Luxembourg Times
Alex Stevensson
25/03/2026
Lessons learnt and CTIE phones and tablets now secure again, says digitalisation minister
Thousands of devices owned by the Luxembourg public sector found to be infected with malware at the end of February have since been updated and secured, digitalisation minister Stéphanie Obertin has said.
Thousands of devices owned by the Luxembourg public sector found to be infected with malware at the end of February have since been updated and secured, digitalisation minister Stéphanie Obertin has said.
The security breach was confirmed on 27 February but details were scant at the time, with LSAP deputy Ben Polidori submitting a written parliamentary question on the same day, to which Obertin provided a reply on Tuesday.
The malware was first discovered on 26 February; the day before it was confirmed publicly, the minister said. It was detected on the system that manages mobile devices (smartphones and tablets) - which was found to have been infected a few hours before the provider updated its system at the end of January.
Analysis showed that the “memory resident” malware gained access to the list of phones and tablets managed by the State Centre for Information Technology (CTIE), containing both data relating to the devices and their users. Data such as messages, calendars and photos stored on devices was not affected by the incident, Obertin said.
Furthermore, devices managed by the educational IT service, CGIE, such as school pupils’ tablets, are not believed to have been affected at all.
All 4,850 devices managed by the CTIE were affected, however, as the agency isolated and reinstalled the affected system.
According to Obertin, the security measures in place allowed the CTIE to quickly isolate the affected system as soon as it was discovered to have been infected, but declined to offer precise details, for security reasons, noting that such incidents can never be entirely ruled out. New insights have been gained from the incident, as with all incidents, she added.
The National Commission for Data Protection, the CNPD, was notified of the malware on 27 February and has completed its investigation but not yet reported back with its findings.
“State services remained permanently accessible and fully operational - both via the PC with which all civil servants are equipped as standard, and via mobile phone through the ‘web interface’,” Obertin assured, saying essential services never went offline.
