Cyber Incident Victim: SNCB

On the night leading into Thursday, January 18, 2024, the Belgian national railway company NMBS/SNCB experienced a significant cyberattack described by officials as a "large-scale" incident. The attack began around 2:00 AM when threat actors launched a distributed denial-of-service (DDoS) assault targeting the company's website. This type of attack overwhelms online systems by flooding them with excessive traffic, rendering them incapable of processing legitimate requests. As a security precaution, NMBS/SNCB immediately deactivated its website upon detecting the attack. The disruption subsequently affected multiple critical passenger information systems, including the railway's mobile application and real-time departure/arrival screens installed across Belgian train stations. Company spokesperson Bart Crols confirmed these technical failures persisted through the early morning hours, coinciding with peak commute times.

The cascading system failures created substantial operational challenges during recovery from severe winter weather that had disrupted services the previous day. Passengers could not access digital platforms to verify train schedules, purchase tickets online, or confirm service restoration following snow-related cancellations. This information blackout persisted until approximately 7:30 AM when technicians fully restored all affected systems. NMBS/SNCB issued a public apology late Thursday morning acknowledging the disruption's impact on travelers and announced its intention to file criminal charges against the perpetrators. No evidence suggested passenger data compromise or financial theft during the incident. Service normalization occurred within five and a half hours of initial detection, with all digital platforms and station information displays returning to full functionality by the stated resolution time.