diff --git a/FitConnect/Services/Models/v1/Api/Problems.cs b/FitConnect/Services/Models/v1/Api/Problems.cs
index 20b8fa2b7313d66a5b1508ad7398c8cf4b1cec3a..52cd3f36e09dedf6036e0763907833a95937b1df 100644
--- a/FitConnect/Services/Models/v1/Api/Problems.cs
+++ b/FitConnect/Services/Models/v1/Api/Problems.cs
@@ -13,6 +13,7 @@ public class Problems {
     public const string TitleAuthenticationTagInvalid = "Authentication-Tag ungültig";
     public const string DetailAuthenticationTagMissing = "Das Event 'submit-submission' enthält keine Authentication-Tags.";
     public const string DetailAuthenticationMetadataInvalid = "Das Authentication-Tag des Metadatensatzes ist ungültig.";
+    public const string DetailAuthenticationAttachmentInvalid = "Das Authentication-Tag der Anlage {attachmentId} ist ungültig.";
     
     public const string TitleEncryptionIssue = "Entschlüsselungs-Fehler";
     public const string DetailEncryptionIssue = "Die Entschlüsselung des Metadatensatzes ist fehlgeschlagen.";
@@ -78,7 +79,7 @@ public class Problems {
         switch (problemType) {
             case ProblemTypeEnum.MissingAttachments:
                 type += "missing-attachment";
-                title = TitleEventLogInconsistent;
+                title = TitleAttachmentsMismatch;
                 instance = "submission";
                 break;
             case ProblemTypeEnum.AttachmentMismatch:
@@ -178,7 +179,7 @@ public class Problems {
             ProblemTypeEnum.AttachmentMismatch,
             "Fehlerhafte Anlagen-Liste",
             "Die Liste der Anlagen in Submission und Event-Log stimmt nicht überein.",
-            ProblemInstanceEnum.Submission);
+            ProblemInstanceEnum.Metadata);
 
     public static readonly Problems EncryptionIssue =
         new Problems(
diff --git a/FitConnect/Subscriber.cs b/FitConnect/Subscriber.cs
index 6a0c4963f41777258c730d8591afe0d3528b0796..998e56a8a3fb56e5fc79b899ca332e992fb47f4d 100644
--- a/FitConnect/Subscriber.cs
+++ b/FitConnect/Subscriber.cs
@@ -216,6 +216,8 @@ public class Subscriber : FitConnectClient,
             ? null
             : (JsonConvert.DeserializeObject(jsonString) as JObject)?["$schema"]?.ToString();
 
+    #region Check Submission and Reject if needed
+
     private void CheckDataSchema(string dataSchema, Submission submission) {
         var dataSchemaObject = JsonSchema.FromUrlAsync(dataSchema).Result;
         var jSchema = JSchema.Parse(dataSchemaObject.ToJson());
@@ -229,7 +231,6 @@ public class Subscriber : FitConnectClient,
         }
     }
 
-    #region Check Submission and Reject if needed
 
     private void VerifyDataHash(Submission submission, string dataString) {
         if (submission.Metadata?.ContentStructure.Data.Hash.Content ==
@@ -310,16 +311,28 @@ public class Subscriber : FitConnectClient,
     private void CheckAttachments(Submission submission,
         Dictionary<string, string> attachmentSignatures) {
         if (submission?.Attachments != null) {
-            if (submission.Attachments.Count != attachmentSignatures.Count) {
-                RejectSubmission(submission, Problems.AttachmentsMismatch);
-                throw new ArgumentException("Attachment count mismatch");
+            // SuccessCriteria:3.12
+            if (submission.Attachments.Count != attachmentSignatures.Count ||
+                !submission.Attachments.TrueForAll(a => attachmentSignatures.ContainsKey(a.Id))) {
+                var problem = new Problems(Problems.ProblemTypeEnum.AttachmentMismatch,
+                    Problems.DetailAttachmentsMismatch);
+                RejectSubmission(submission, problem);
+                throw new SecurityEventException(problem);
             }
 
+            // SuccessCriteria:5.2
+            var problems = new List<Problems>();
             foreach (var attachment in submission.Attachments) {
                 if (attachmentSignatures?[attachment.Id] !=
                     attachment.AttachmentAuthentication) {
-                    RejectSubmission(submission, Problems.IncorrectAuthenticationTag);
-                    throw new AggregateException("Attachment signature mismatch");
+                    var problem = new Problems(Problems.ProblemTypeEnum.IncorrectAuthenticationTag,
+                        Problems.DetailAuthenticationAttachmentInvalid);
+                    problems.Add(problem);
+                }
+
+                if (problems.Count > 0) {
+                    RejectSubmission(submission, problems.ToArray());
+                    throw new SecurityEventException(problems.ToArray());
                 }
             }
         }
@@ -463,6 +476,12 @@ public class SecurityEventException : Exception {
         Detail = problem.detail;
     }
 
+    public SecurityEventException(Problems[] problem, Exception? innerException = null) : base(
+        $"{problem[0].title}: {problem[0].detail}", innerException) {
+        Title = problem.Select(p => p.title).Aggregate((a, b) => a + "\r\n" + b);
+        Detail = problem.Select(p => p.detail).Aggregate((a, b) => a + "\r\n" + b);
+    }
+
     public SecurityEventException(string title, string detail, Exception? innerException = null) :
         base(
             $"{title}: {detail}", innerException) {
diff --git a/IntegrationTests/Sender/SenderTestHappyPath.cs b/IntegrationTests/Sender/SenderTestHappyPath.cs
index 90d46fa2bd0f277d41b1acb7862da0060de90ab1..e1ce9a0e0b8c884d6c25faa477718cb2d1b6f248 100644
--- a/IntegrationTests/Sender/SenderTestHappyPath.cs
+++ b/IntegrationTests/Sender/SenderTestHappyPath.cs
@@ -95,8 +95,8 @@ public class SenderTestHappyPath : SenderTestBase {
         public string Schema { get; set; } =
             "https://git.fitko.de/fit-connect/sdk-dotnet/-/raw/feature/594-auto-reject/simple_schema.json";
 
-        public string FirstName { get; set; }
-        public string LastName { get; set; }
+        public string? FirstName { get; set; }
+        public string? LastName { get; set; }
         public int Age { get; set; }
     }