Menu
Browse

Cyber Incident Victim: Westbahn

Date:

Oct 2023

Location:

Austria

Summary

Westbahn experienced a cyberattack on its IT systems that mainly impacted administrative networks, giving attackers access to the systems. The company said that data exfiltration could not be ruled out and that the possibly compromised data include business, employee and customer information, while noting that credit card data are processed by external providers and were not affected; train operations continued without interruption, authorities were informed, and an investigation with internal and external experts is ongoing to assess the full impact and strengthen security.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 2 motives 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On Thursday, 19 October 2023, Westbahn experienced a cyberattack on its IT systems. The attack primarily affected administrative systems within the company. An internal expert team detected the intrusion and took immediate steps to stop the attack. Following containment, Westbahn’s IT department began an investigation with external support. The company confirmed that attackers had gained access to its systems and could not rule out that data had been exfiltrated.

Cyber Incident Image

Based on the investigation’s current findings, the potentially compromised data include business, employee, and customer information. Westbahn emphasized that it does not process credit card data, as payment handling is outsourced to external service providers. The railway operation and train services continued without interruption, and ticket sales remained available through all channels. Customers were informed that, due to the possible data leakage, they might receive unsolicited messages such as spam or phishing. Westbahn reported the incident to the relevant data protection authorities in accordance with legal requirements.

To address inquiries, Westbahn established a dedicated hotline (+43 1 361 0366 548) and an email address ([email protected]) for affected individuals. The company also published a FAQ section covering topics such as the attack’s origin, the types of data involved, authority notification, and the status of remediation efforts. As part of its response, Westbahn advised customers to change their login credentials for the “Meine Westbahn” online accounts. The company noted that, according to the information available at the time, no passwords had been stolen, but the credential change was requested as a precautionary measure. Westbahn stated that it would continue to work on securing its systems and reserved the right to pursue further legal steps related to the incident.

Sources
Sources available to members
2 sources