Cyber Incident Victim: Zürcher Verkehrsverbund
Date: Oct 2022
Location: Switzerland
Summary
A Zürich public transport operator experienced a distributed denial-of-service (DDoS) attack that disrupted all ticket sales channels, including its mobile app and website, preventing customers from purchasing tickets during a promotional event offering free travel. The incident initially led to speculation about system overload due to high demand before the organization confirmed the cyberattack. Service was partially restored approximately two hours after the outage began, though systems remained slow during recovery. The attack prevented customers from redeeming promotional travel vouchers through the operator's platforms, though standard tickets remained available via alternative third-party channels. No threat actor was identified in connection with the incident.
Description
On October 22, 2022, the Zürcher Verkehrsverbund (ZVV) experienced a significant disruption to its ticket sales systems beginning at approximately 10:30 AM local time. All digital ticket purchasing channels—including the ZVV mobile application and website—became non-functional, preventing customers from acquiring tickets through these platforms. The outage coincided with a promotional event organized with Zurich Insurance, which had offered free travel across ZVV's entire network that day using a specific promo code ("Zurich150"). Initial speculation from ZVV suggested system overload due to high user interest in the promotion, but subsequent investigation confirmed the cause as a cyberattack. The organization's media spokesperson, Thomas Kellenberger, publicly attributed the incident to a distributed denial-of-service (DDoS) attack, characterizing it as a flood of malicious requests overwhelming their servers during a short timeframe.

The attack had immediate operational consequences, forcing ZVV to direct customers to purchase standard tickets through SBB (Swiss Federal Railways) channels, though promotional tickets remained unavailable through this alternative. Social media platforms, particularly Twitter, saw numerous user reports confirming complete system failures. ZVV acknowledged the attack via Twitter at 12:30 PM, announcing partial restoration of services with residual slowness while assuring functionality of both regular tickets and promo codes. The disruption lasted approximately two hours before systems stabilized. While the perpetrator remained unidentified, the incident directly impacted a scheduled promotional activity and required ZVV to issue public apologies for the inconvenience. No data breach or financial theft was reported in connection with the DDoS incident.
