Cyber Incident Victim: erixx GmbH
Date: Dec 2024
Location: Germany
Summary
A distributed denial-of-service (DDoS) attack disrupted online services for railway operators Metronom and Erixx, temporarily rendering their websites and digital platforms inaccessible. The outage prevented passengers from checking train schedules, service disruptions, and delays, and from accessing online lost property services and contact forms. All affected web services, including those of subsidiary brands Enno and Erixx Holstein, have since been restored to full functionality following mitigation of the cyberattack.
Description
On the afternoon of Monday, December 30, 2024, a cyberattack disrupted digital services across multiple German regional rail operators, including erixx GmbH and its affiliated companies Metronom, Erixx Holstein, and Enno. The coordinated distributed denial-of-service (DDoS) attack rendered their public-facing websites and web applications inaccessible to passengers nationwide. This outage prevented customers from accessing real-time train schedules, service disruption notices, delay information, and online reservation systems during peak travel hours. The attack also disabled ancillary services such as digital lost-and-found reporting and customer support contact forms, eliminating primary communication channels between the operators and travelers. No alternative digital platforms or workarounds were available during the initial hours of the disruption, forcing passengers to rely on station announcements and physical information points for travel updates. The incident persisted through Monday evening, coinciding with heightened holiday travel volumes across northern Germany’s regional rail network.

By January 1, 2025, all affected operators had fully restored their web services following mitigation of the DDoS campaign. Technical teams successfully neutralized the attack vectors, allowing complete reactivation of schedule databases, ticket systems, and customer service portals without reported residual disruptions. Service restoration occurred through coordinated infrastructure hardening across the operators’ shared digital platforms, though no specific technical countermeasures or third-party responders were detailed in public communications. The operators confirmed no passenger data breaches or secondary compromises occurred beyond the temporary service unavailability. Normal operations resumed for all online functions including dynamic schedule updates, delay notifications, and electronic ticket validation systems. Passenger access to real-time service information was fully reestablished across web and mobile platforms by the time of the public recovery announcement.
