Cyber Incident Victim: Air Bank

On August 30, 2023, multiple Czech financial institutions experienced coordinated cyberattacks disrupting digital services during Wednesday morning operations. Air Bank, alongside Komerční banka, Česká spořitelna, ČSOB, and Fio banka, reported technical failures affecting customer-facing platforms. The incidents manifested as service interruptions to internet banking systems and official bank websites, preventing customers from accessing routine transaction capabilities. Initial disruptions began concurrently across institutions, though the precise attack commencement time remained unspecified in public reports. No bank disclosed internal network compromises or unauthorized data access, focusing instead on availability issues stemming from external traffic overload.

The Czech Office for Cyber and Information Security (NÚKIB) confirmed the incidents resulted from distributed denial-of-service (DDoS) attacks targeting banking infrastructure. These attacks flooded networks with artificially inflated request volumes, overwhelming servers and causing service degradation. While NÚKIB did not identify perpetrators or motives, its attribution to DDoS methodology indicated an external disruption campaign rather than data exfiltration or financial fraud attempts. Affected banks publicly acknowledged the outages but did not specify technical mitigation measures or recovery timelines. Service disruptions represented the primary documented impact, with no verified reports of financial losses or data breaches linked to the incident. Banking operations gradually normalized following the attack window, though the duration of full service restoration remained undisclosed by institutions.