Cyber Incident Victim: Rostocker Straßenbahn AG
Date:
Nov 2023
Location:
Germany
Summary
A cyberattack targeted Rostocker Straßenbahn AG, disrupting communication systems, sales platforms, and digital passenger information services, though all public transport operations continued normally. The compromise extended to customer databases containing subscriber names and addresses managed for Verkehrsverbund Warnow, prompting collaboration with data protection authorities and external cybersecurity experts under GDPR obligations. Forensic investigations confirmed unauthorized data access, leading to direct customer notifications and temporary workarounds for ticket sales while critical systems like the ABO portal remained offline. Cash-only transactions were enforced at service points, and delayed billing processes were implemented for existing subscriptions during recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 18, 2023, Rostocker Straßenbahn AG (RSAG) experienced a cyberattack targeting its IT systems, causing significant operational disruptions across communication and sales platforms. The incident immediately disabled multiple critical applications, including partial functionality of telephone and email systems, the ABO customer portal for subscription management, and digital passenger information displays. Despite these IT failures, all bus, tram, and ferry services operated normally. RSAG’s IT specialists initiated data protection protocols immediately after detecting the attack and engaged in forensic analysis while coordinating with the company’s data protection officer, external cybersecurity experts, and regulatory authorities under GDPR requirements. Initial recovery efforts focused on restoring business processes and internal workflows, though core customer-facing systems remained impaired for an extended period.
Subsequent forensic investigations confirmed the compromise of RSAG’s customer database, which contained personally identifiable information of subscribers managed on behalf of the Verkehrsverbund Warnow (VVW). Exfiltrated data included names and addresses, though the full scope of accessed records remained under assessment. RSAG and VVW committed to direct notifications for potentially affected customers once systems permitted. Operational impacts persisted through December 1, 2023, with ticket sales limited to cash transactions at specific service centers and select machines, while mobile ticketing and partner agencies remained functional alternatives. The ABO portal outage prevented new subscriptions for Deutschland-Tickets, requiring paper-based applications, and delayed December subscription fee collections until December 8. Customer service channels gradually resumed, though email communications sent between November 18–20 required re-sending due to system unavailability. Real-time data for online journey planners remained offline, and the Abruf-Linien-Taxi service operated via a temporary phone line. RSAG maintained public updates on restoration timelines and compensatory measures for disrupted services throughout the incident response period.