US Investigations Services, a contractor in charge of conducting federal background checks, was attacked in 2013. The stolen goods were files used for background checks on federal employees and contractors with access to classified intelligence. Over the past several years there have been limited examples of SAP exploitation in the public domain. An SAP Trojan was reported in the wild in 2013, but there was no confirmation of organizations successfully attacked using it. The attack against USIS played at least a partial role in the company shutting its doors this year.”]
Source: https://www.darkreading.com/attacks-breaches/first-example-of-sap-breach-surfaces