Cyber Incident Victim: Mpact
Date:
May 2024
Location:
Belgium
Summary
A ransomware attack disrupted operations at a Belgian mobility services provider, impacting platforms facilitating shared transportation for individuals with disabilities and low-income users. The incident rendered servers inoperable, initially halting ride registrations for approximately 40,000 users and affecting a corporate carpooling service; emergency backup systems restored partial functionality for critical services. A partnered car-sharing company experienced phone system outages due to outsourced infrastructure, though its core reservation app remained operational. Forensic investigators and law enforcement are assessing data compromise and system encryption, with the organization confirming unaffected autonomous platforms via segregated infrastructure. The attackers issued a ransom demand, but no engagement occurred.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 22, 2024, Mpact, a Belgian nonprofit provider of shared mobility services for people with disabilities and low-income individuals, experienced a major operational disruption initially perceived as a technical malfunction. Employees discovered a direct message from a hacker collective demanding communication, confirming a cyberattack. Director Angelo Meuleman stated the organization immediately contacted federal police rather than engaging with the hackers, suspecting a ransomware attack aimed at extorting payment for server decryption. The federal police’s cybersecurity unit launched an investigation, while Mpact’s cyber insurance facilitated a private digital forensics firm to assess compromised systems. Preliminary analysis indicated hackers likely deployed ransomware to lock Mpact’s servers, though the specific collective involved and ransom demands remained undisclosed due to the ongoing investigation. Forensic experts worked to identify the full scope of encrypted systems and determine whether attackers exfiltrated sensitive data.
The attack severely disrupted Mpact’s Mobitwin service, which coordinates 1,000 daily rides for 40,000 users via volunteer drivers, by crippling its ride-registration servers. Mpact implemented an emergency backup system to maintain partial operations. Additional affected services included a corporate carpooling platform and the phone system of Cambio, Belgium’s largest car-sharing company, which outsourced its call center to Mpact. Cambio confirmed its core customer data and reservation systems—hosted on separate servers—remained unaffected, though its IT department quarantined some online systems as a precaution, aiming for a phased restart by May 24. Olympus Mobility, a business mobility platform partly owned by Mpact, operated normally on independent infrastructure. Meuleman emphasized the irony of targeting a disability-focused nonprofit despite its proactive cybersecurity measures, noting the incident reflects a broader trend of escalating ransomware attacks, such as the recent disruption at Duvel Moortgat breweries.