Cyber Incident Victim: Canyon Bicycles GmbH

Canyon Bicycles GmbH experienced a significant cyber attack during the Christmas period in late December 2019, specifically around the turn of the year on December 31. The company described the incident as a "massive criminal cyber attack" perpetrated by a professionally organized group specializing in corporate targets. Attackers successfully breached Canyon's IT systems, encrypting portions of their software and servers, which rendered these systems inaccessible. The company's public-facing website and e-commerce platform at www.canyon.com remained operational throughout the incident, allowing customers to continue placing orders via the web shop without interruption. Canyon detected and neutralized the attack shortly after its occurrence, with their initial public statement on January 6, 2020 confirming the threat had been contained based on their current forensic understanding.

The encryption of internal systems caused operational disruptions that Canyon acknowledged would lead to delays in processing previously placed orders, though specific duration or scale of delays wasn't quantified. Immediately upon discovering the breach, Canyon engaged law enforcement authorities including the Koblenz Criminal Investigation Department and Rhineland-Palatinate State Criminal Police. The company formally notified the State Commissioner for Data Protection in Rhineland-Palatinate about the incident but did not disclose whether customer data was compromised. Criminal charges were filed against the unidentified perpetrators while cybersecurity and digital forensic experts conducted analysis of the attack vectors. Based on their findings, Canyon implemented unspecified technical countermeasures and security solutions to prevent recurrence, though no details about ransom demands, payment, or data exfiltration were mentioned in available reports.