Cyber Incident Victim: Czech Statistical Office

On October 20-21, 2017, during the Czech Republic’s parliamentary elections, a distributed denial-of-service (DDoS) attack targeted infrastructure supporting two websites operated by the Czech Statistical Office (CSU): volby.cz and volbyhned.cz. The attack occurred while these sites were publishing election results, causing temporary partial inaccessibility. The CSU confirmed the attack impacted servers hosted by telecommunications provider O2 but clarified it did not compromise the transmission infrastructure delivering results to CSU headquarters or the independent processing of election data. Results showed billionaire Andrej Babiš’s ANO party leading with nearly 30% of the vote. Services were restored after the attack subsided, with both websites returning to normal operation. No data manipulation or theft was reported.

The incident occurred amid heightened scrutiny of election integrity following a separate cyberattack earlier in 2017 targeting the Czech Foreign Ministry. In that prior incident, hackers allegedly accessed emails of Foreign Minister Lubomir Zaoralek and his deputy, with officials drawing parallels to the Democratic National Committee breach preceding the 2016 U.S. election. While the DDoS attack’s timing coincided with Babiš’s controversial electoral success—he faced ongoing fraud charges but was expected to become Prime Minister—no attribution or explicit motive was established. The CSU’s public statement emphasized the attack’s limited technical impact on result tabulation but acknowledged disruptions to public-facing election reporting platforms during a critical phase of democratic proceedings.