Cyber Incident Victim: Austrian Railway Company
Date:
Oct 2023
Location:
Austria
Summary
Westbahn experienced a cyber incident affecting its IT systems, particularly administrative systems, which was contained by an internal expert team with external support. The company stated that attackers gained access to systems and that business, employee and customer data may have been exfiltrated, although no credit card data are processed internally. Railway operations and ticket sales continued without disruption. Authorities have been notified and an investigation is underway to determine the scope and prevent future similar events.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Thursday, 19 October 2023, Westbahn detected a cyber incident affecting its IT systems, specifically the administrative portion of its network, after an unauthorized intrusion was identified by its internal security team. The company immediately engaged an external expert team to halt the attack and began a thorough investigation into the scope and origin of the breach. Westbahn stated that it could not rule out the possibility that data had been exfiltrated, noting that, based on current findings, the potentially accessed information might include business, employee and customer data. The firm emphasized that it does not process credit card details directly, as those transactions are handled by third‑party payment service providers, thereby limiting the exposure of financial data. Despite the security incident, Westbahn confirmed that railway operations remained uninterrupted, with trains continuing to run according to schedule and ticket sales proceeding through all usual channels. The company communicated that there was no impact on the operational or service delivery aspects of its business.

In response to the incident, Westbahn’s IT department, supported by external specialists, worked under high pressure to contain the threat, eradicate any malicious presence and secure the affected systems against similar future attacks. The firm notified the relevant data protection authorities in accordance with legal obligations and indicated that further legal steps were being considered. To assist customers, Westbahn established a dedicated hotline (+43 1 361 0366 548) and an email address ([email protected]) for inquiries and set up a FAQ section on its website addressing concerns about the breach. Although no passwords were confirmed to have been stolen, the company advised users of the “Meine Westbahn” online portal to change their access credentials as a precautionary measure. Westbahn also warned that, should customer data have been compromised, it could be misused for unsolicited messages such as spam or phishing, urging heightened vigilance in the weeks following the disclosure. The organization affirmed that it would continue to monitor the situation and improve its defenses based on the investigation’s findings.
