Cyber Incident Victim: CWS International GmbH
Date: May 2022
Location: Netherlands
Summary
A cyberattack targeted CWS International GmbH, prompting the company to shut down and disconnect its entire data center to mitigate the incident and protect systems and data. The disruption prevented access to current customer information, affecting order processing, delivery schedules for new clothing, and replacements. Distribution of clean laundry, such as work attire and linens, could deviate from planned timelines. The organization acknowledged that unauthorized third parties may have accessed its systems and data, apologized for the inconvenience, and prioritized service restoration amid an ongoing investigation.
Description
On or around May 1, 2022, CWS International GmbH, a cleaning and textile services company, experienced a cyberattack that disrupted its operations. The company initially referenced a "technical cause" for system failures on its public website but confirmed the incident as a cyberattack in direct communications with customers. CWS responded by proactively isolating its entire data center—shutting down and disconnecting systems—to contain the breach, protect data, and limit further damage. This containment measure immediately impaired operational capabilities, as the company lost access to current customer information, including recent order details, delivery schedules, and inventory data for corporate clothing and linen replacements. The disruption extended to service delivery timelines, with the company warning customers that clean laundry shipments (workwear, towels, and other linens) might deviate from normally scheduled intervals due to the inability to process real-time logistics data.

The incident investigation confirmed that unauthorized third parties potentially accessed CWS systems and data, though the specific scope of compromised information remained undetermined at the time of the notification. Operational impacts included the inability to fulfill new clothing orders, process inventory increases, or manage replacement requests efficiently. CWS acknowledged reduced customer service availability during the disruption, citing limited access to communication systems and advising clients to expect delays in response times. The company publicly apologized for the inconvenience, emphasized efforts to reorganize services "as quickly and accurately as possible," and committed to restoring normal operations pending the ongoing forensic investigation. No explicit timeline for full recovery was provided in the disclosed customer communication, and the company focused on maintaining limited service continuity while prioritizing system integrity through the isolation of affected infrastructure.
