Cyber Incident Victim: Fio banka

On August 30, 2023, multiple Czech banks, including Fio banka, Komerční banka, Česká spořitelna, ČSOB, and Air Bank, experienced cyberattacks during Wednesday morning hours. The incidents disrupted online banking services and caused accessibility issues on the institutions' public-facing websites. The Czech Office for Cyber and Information Security (NÚKIB) confirmed the attacks as distributed denial-of-service (DDoS) incidents, characterized by coordinated floods of artificial traffic intended to overwhelm network infrastructure. These disruptions prevented legitimate customers from accessing digital banking platforms during operational hours. No bank disclosed precise outage durations or technical specifics regarding the scale of traffic volumes involved. The attacks occurred simultaneously across multiple financial institutions, indicating a coordinated targeting of the Czech banking sector’s digital infrastructure.

The DDoS incidents caused functional impairments to customer-facing systems but did not involve unauthorized access to financial data or transactional systems based on available reports. Service interruptions primarily affected website availability and online banking portals, limiting customers’ ability to conduct digital transactions or access account information. NÚKIB’s public attribution to DDoS methodology provided immediate technical context for the disruptions without identifying potential perpetrators or geopolitical motives. No financial institutions reported data breaches, fund theft, or secondary attack vectors beyond the availability impacts. The banks issued public advisories acknowledging service degradation while restoring operations through unspecified mitigation measures. The coordinated nature of the attacks highlighted systemic vulnerabilities to volumetric DDoS campaigns within the national financial infrastructure.