Cyber Incident Victim: Austrian Railway Company
Date: Oct 2023
Location: Austria
Summary
A cyberattack targeted the Austrian Railway Company's administrative IT systems, potentially compromising business, employee, and customer data. While train operations remained unaffected, attackers accessed internal systems, with exfiltrated information possibly including sensitive customer details. The company engaged external experts to contain the breach and notified authorities, though no evidence indicated theft of stored passwords. Customers were advised to change account credentials preemptively and remain vigilant against potential phishing attempts stemming from exposed contact data.
Description
On October 19, 2023, the Austrian private railway operator WESTbahn experienced a cyberattack targeting its administrative IT systems. The incident occurred during the day, with attackers gaining unauthorized access to internal networks storing business, employee, and customer data. The company's internal expert team immediately intervened to stop the attack, though investigators could not rule out data exfiltration. Preliminary analysis suggested compromised information might include operational business records, staff personnel details, and customer account data from "Meine WESTbahn" profiles. Notably, payment systems remained unaffected because WESTbahn outsourced all credit card processing to external payment service providers. The attack exclusively impacted backend administrative infrastructure, leaving operational train control systems and ticketing platforms fully functional throughout the incident.

WESTbahn initiated multiple response measures within hours of detection, engaging external cybersecurity specialists to assist their IT department in forensic analysis and system remediation. The company notified Austria's data protection authority in compliance with legal obligations and established a dedicated hotline (+43 1 361 0366 548) and email address ([email protected]) for customer inquiries. Although forensic reviews found no evidence of stolen account passwords, WESTbahn proactively advised all customers to reset their "Meine WESTbahn" credentials via password recovery functions as a precaution. The organization warned that attackers might possess sufficient personal data to launch targeted spam or phishing campaigns against affected individuals. Train operations continued without disruption, with tickets remaining available through all standard sales channels. WESTbahn reserved the right to pursue legal action against the perpetrators pending investigation outcomes, which remained ongoing at the time of reporting without attribution to specific threat actors.
