Contacts, private chats, and financial details of politicians, celebrities, and journalists were released on Twitter. Chancellor Angela Merkel was reportedly targeted in the attack but no sensitive data was released, a government spokeswoman said.
Other public figures had addresses, personal letters, and copies of identity cards posted to Twitter.
In a news conference, spokeswoman Martina Fietz confirmed personal data and documents “belonging to hundreds of politicians and public figures” had been released online.
German media said a fax number and two email addresses used by Merkel had been published.
“The information and data drained from the chancellery and that relate to the chancellor are manageable,” Fietz said.
The data was pushed to Twitter in the style of an advent calendar during Dec. 2018, but the story was only broken by public broadcaster RBB on Jan. 3, once officials became aware of what had happened.
While nothing in the data incriminates anybody very seriously, the sheer amount of personal information indicates there could be serious repercussions, according to RBB reporter Michael Götschenberg. Among those targeted were politicians from the ruling center-right and center-left parties, journalists from public broadcasters ARD and ZDF, TV satirists, and rappers.
One satirist, Christian Ehring, had his holiday photos posted online along with 3.4 gigabytes of data, according to the BBC.
“Whoever is responsible wants to intimidate politicians. That will not succeed,” said Lars Klingbeil, secretary general of the center-left Social Democrats, Merkel’s coalition partner.
It isn’t clear if the information was released as a result of a hack or an internal leak, Germany’s interior ministry said.
Previously, such attacks in Germany have been blamed on Russian hacking groups, although the Kremlin has denied involvement.
Last year, the foreign ministry’s computers were attacked in a major breach, lawmakers said, which some blamed on Russia at the time.
German cyber-security analyst Sven Herpig told the BBC that the way the attack was carried out indicated Russian involvement. He also said the timing was significant, with Germany in the process of four state elections and elections to the European Parliament.
British computer security expert Graham Cluley wrote that the breadth of the attack “suggests that this has been a coordinated effort by a determined group over many many months.”
“This hack clearly isn’t about extortion or financially-motivated. This is about attempting to destabilize Germany society,” Cluley wrote.
He said it’s most likely the information was stolen by using phishing attacks to steal passwords, which were then used to access the victims’ other online accounts.
Reuters contributed to this report.