Menu
Browse

Cyber Incident Victim: Westbahn

Date:

Oct 2023

Location:

Austria

Summary

Westbahn experienced a cyberattack on its IT systems that primarily affected administrative areas. The company stated that it could not rule out the exfiltration of business, employee and customer data, although credit card information is not stored internally. Operational rail services continued without disruption. Authorities have been notified and an internal team, supported by external experts, is investigating the incident to determine its scope and improve future defenses.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 2 motives 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On Thursday, 19 October 2023, Westbahn experienced a cyber incident affecting its IT systems, specifically the administrative division. The company reported that attackers gained access to its systems and that it could not exclude the possibility that data had been exfiltrated. According to Westbahn, the potentially compromised data could include business, employee, and customer information, while credit card data were not processed by the company itself. The incident did not disrupt train operations, and services continued to run as scheduled.

Cyber Incident Image

Upon detection, Westbahn deployed an internal expert team that halted the attack and initiated an investigation with external support. The IT department, assisted by outside specialists, worked to determine the scope of the breach and to improve defenses against similar future incidents. Westbahn notified the relevant authorities in accordance with legal requirements and established a dedicated email address ([email protected]) and hotline (+43 1 361 0366 548) for inquiries. The company advised customers to change their “Meine Westbahn” account passwords, even though no passwords were confirmed to have been stolen, and urged increased vigilance against possible spam or phishing messages. Frequently asked questions published by Westbahn clarified that the attackers' identity remained under investigation, that the accessed data could comprise business, employee, and customer records, and that no credit card information was involved because payments are handled by third‑party providers.

Westbahn emphasized that the rail service remained unaffected, with tickets available through all usual channels and trains operating according to the published timetable. The company noted that, while there was no evidence of operational impact, the potential misuse of customer data could lead to unwanted communications such as spam or phishing. It stated that the investigation was ongoing and that further legal steps were reserved. The narrative concludes with the confirmation that Westbahn continued to monitor the situation and to provide updates as they became available.

Sources
Sources available to members
2 sources