Cyber Incident Victim: Stadtwerke Schwerte
Date:
Mar 2025
Location:
Germany
Summary
Stadtwerke Schwerteexperienced a cyberattack that disrupted its internal network and customer portal while leaving its supply services and corporate websites unaffected. The attack prompted the company to notify authorities and work with external providers to restore normal operations. As a consequence, the city of Schwerte reported interrupted digital links to the utility and to Südwestfalen-IT, leading to temporary limitations on municipal services such as passport, registration and police certificate applications, as well as the inability to schedule or cancel appointments and to reach city offices by email, although vehicle registration and dog licensing remained operational.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March5 2025 the Stadtwerke Schwerte issued a statement confirming that a cyber‑attack had caused a disruption of their internal network, affecting internal services and the customer portal. The company said it was working together with external service providers to restore the systems as quickly as possible. At the same time the Stadtwerke Schwerte notified the relevant authorities that the incident had occurred. They emphasized that, according to the current status, the supply of electricity, gas and water remained unaffected and that the websites of the companies belonging to the Stadtwerkegruppe continued to operate normally. The statement also noted that the company would inform the public once the customer portal and the affected services were usable again.
The disruption extended beyond the utility’s own systems, impacting the city of Schwerte’s digital connection to the Stadtwerke Schwerte and to the IT service provider Südwestfalen‑IT. As a result, several municipal services were limited: applications for passports, residency documents and police certificates could not be processed, and appointment cancellations were not possible for either the city administration or citizens. City offices and departments were not reachable by e‑mail, while vehicle deregistration and registration services as well as dog registrations continued to operate without interruption. The city administration reported that the scope of the outage and the timeframe for a full restoration were still unclear.
In response to the incident the Stadtwerke Schwerte continued to collaborate with external specialists to resolve the network disturbance, and the authorities remained informed throughout the process. The attack evoked memories of a similar large‑scale cyber‑event in October 2023 that had affected numerous municipalities in North Rhine‑Westphalia and had targeted the communal service provider Südwestfalen‑IT, of which Schwerte had also been a victim at that time. Investigations into the source of the March 2025 attack were ongoing, with no attribution disclosed in the available reports. The situation remained under active management, with regular updates promised once services were fully restored.