Cyber Incident Victim: S-Bahn Hannover

On July 9, 2025, the website of S‑Bahn Hannover became only partially reachable after an external overload attack was detected. Visitors to the site received a “bad gateway” error, indicating that the server was not responding. Transdev Hannover stated that the attack originated from outside and caused intermittent restrictions on the site’s availability. In response, the company’s IT department activated filtering measures to mitigate the traffic surge. These filters could themselves cause additional impairments and occasionally led to legitimate users being mistakenly identified as attackers and blocked. The exact duration of the disruption was not specified, although similar attacks typically end within 24 hours, and passengers were kept informed through Transdev’s social‑media channels.

Less than three weeks later, on July 24, 2025, the S‑Bahn Hannover website suffered a second outage in the same month, with the problem beginning early Thursday afternoon. The site was completely unreachable, and the outage also affected other web presences within the Transdev group. Analysis showed that the disruption resulted from an overload attack in which external requests flooded the service, aiming to slow or completely halt regular traffic. After roughly two hours, IT engineers were able to activate filters that restored the website’s operation, though some individual users continued to experience difficulties and were occasionally misclassified as attackers. No further details about the attack’s length or origin were provided in the reports.