Cyber Incident Victim: Sixt
Date:
Apr 2022
Location:
Germany
Summary
A global car rental firm experienced a cyberattack that prompted immediate containment measures, including restricted access to non-critical IT systems while maintaining essential customer-facing platforms like websites and mobile apps. The incident caused temporary operational disruptions, particularly affecting customer service centers and select branches, with some locations resorting to manual processes for bookings. The company minimized overall business impact through pre-planned recovery protocols and launched an investigation involving internal and external cybersecurity experts. Customers were advised of potential short-term service delays as the organization worked to restore normal operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 29, 2022, Sixt SE detected IT irregularities across its systems, prompting immediate activation of pre-planned security protocols. The German-based car rental, car sharing, and ride-hailing provider—operating approximately 2,000 locations across 105 countries—confirmed the incident as a cyberattack. Response teams restricted access to all non-essential IT systems as a precautionary measure, preserving functionality only for critical customer-facing platforms like the company’s main website and mobile applications. This containment strategy aimed to isolate the attack’s scope and prevent further infiltration. Business operations faced immediate disruptions, particularly affecting customer care centers and select branches. Employees resorted to manual processes for car bookings, using pen and paper to record transactions starting Friday morning. Customers attempting phone support encountered automated messages citing technical problems and delayed email response capabilities. Despite these challenges, Sixt emphasized minimizing operational impacts to maintain business continuity during the incident’s initial phase.
The company initiated recovery processes while internal and external cybersecurity experts conducted a thorough investigation into the attack’s origin and methodology. Central IT systems remained operational where possible, enabling continued online reservations and app-based services to mitigate revenue loss. Temporary service interruptions persisted in localized branches and customer service channels, with Sixt publicly acknowledging these short-term disruptions. Communication efforts included direct appeals for customer patience via press releases and recorded support messages, though no specifics regarding attack vectors or responsible threat actors were disclosed. By May 1, 2022, Sixt confirmed the attack had been contained at an early stage but maintained restricted system access while forensic analysis continued. The organization committed to providing further updates as investigations progressed, underscoring the seriousness of its response despite withholding technical details about the compromise.