Cyber Incident Victim: Österreichisches Verkehrsbüro

On October 28, 2022, the Österreichisches Verkehrsbüro Group experienced a cyberattack that forced its websites offline, affecting multiple subsidiaries including Hofer Reisen, Ruefa-Reisebüros, and Eurotours. The attack disrupted online operations across the group’s digital platforms, rendering them inaccessible to customers. Konzernsprecherin Andrea Hansal publicly confirmed the incident to the Tiroler Tageszeitung, attributing the outage to malicious hacker activity. Physical travel agency locations remained operational and reachable despite the online disruption, allowing continued in-person customer service. Initial assessments indicated no evidence of compromised Hofer Reisen customer data, though broader forensic analysis across all affected subsidiaries was not detailed in the initial disclosure.

The company emphasized that customer credit card information was not at risk due to reliance on external payment processors for transaction handling, insulating this data from direct exposure during the breach. No ransomware claims or specific attacker identities were disclosed in the immediate aftermath. Response efforts focused on restoring web services and investigating the attack’s scope, though technical remediation timelines and intrusion methods remained unspecified. Operational continuity measures prioritized maintaining physical agency functionality while addressing digital infrastructure compromises. The incident underscored vulnerabilities in the group’s web-facing systems while highlighting segregated protections for financial data through third-party payment partnerships.