Cyber Incident Victim: metronom Eisenbahngesellschaft mbH
Date: Dec 2024
Location: Germany
Summary
A distributed denial-of-service (DDoS) attack temporarily disrupted online services for a railway operator and its affiliates, rendering their websites inaccessible for multiple days. The outage prevented passengers from accessing real-time schedules, service disruption notifications, digital lost-and-found services, and contact platforms. Normal operations resumed after mitigation efforts restored web functionality across all affected brands.
Description
On January 1, 2025, Metronom Eisenbahngesellschaft mbH and its affiliated rail operators Erixx and Erixx Holstein experienced a significant disruption to their online services following a confirmed hacker attack. The incident began on the afternoon of Monday, December 30, 2024, when their websites and web-based platforms became inaccessible to passengers. Critical services affected included real-time schedule displays, digital timetables, online lost property systems, and customer communication portals. Travelers were unable to access departure or arrival information, service change alerts, or delay notifications through official channels. The outage persisted for an unspecified duration spanning multiple days, directly impacting passengers' ability to plan journeys across the operators' regional rail networks in northern Germany. No alternative digital platforms or workarounds were mentioned as available during the disruption period.

Service restoration occurred by the morning of January 1, 2025, with all web services fully reactivated for Metronom, Erixx, Erixx Holstein, and the Enno brand. The operator confirmed the incident resulted from a distributed denial-of-service (DDoS) attack targeting their web infrastructure. No data breaches, system compromises, or unauthorized access to internal networks were reported in connection with the temporary outage. The attack exclusively disrupted public-facing websites and customer service portals without affecting physical train operations or ticketing systems. Full functionality returned to schedule lookup tools, contact forms, and the digital lost property office following mitigation of the DDoS campaign. Passenger access to real-time service information resumed without reported residual effects or ongoing technical limitations.
