Cyber Incident Victim: Westbahn

Date: Oct 2023

Location: Austria

Summary

The Austrian private railway operator WESTbahn experienced a cyberattack that compromised administrative IT systems, with attackers potentially accessing business, employee, and customer data. While train operations remained unaffected, the breach prompted an immediate response involving external experts to contain the incident and investigate its scope. The company confirmed that no credit card data was exposed, because payments are handled by third-party processors, but advised customers to change their account passwords and remain vigilant against phishing or spam that could result from leaked information. Authorities were notified, and the organization established dedicated contact channels for affected individuals while continuing system remediation efforts.

Description

On October 19, 2023, the Austrian private railway operator WESTbahn experienced a cybersecurity incident affecting its administrative IT systems. The attack was detected on the same day, prompting the company’s internal expert team to immediately intervene and halt the intrusion. Initial investigations revealed unauthorized access to systems storing business operations data, employee information, and customer records, though the company confirmed no compromise of payment card details due to reliance on external payment processors. WESTbahn could not rule out data exfiltration by the attackers and publicly disclosed the incident on October 19, advising customers via official communication channels to remain vigilant against potential spam or phishing attempts. The company initiated forensic analysis with external cybersecurity support to determine the full scope of the breach and strengthen defenses against future attacks.

The incident primarily threatened data privacy, with exposed information including names, contact details, and account credentials from the "Meine WESTbahn" customer portal, though forensic reviews found no direct evidence of password theft. Operational rail services remained unaffected, with trains running on schedule and ticket sales continuing uninterrupted through all channels. WESTbahn notified Austria’s data protection authority in compliance with legal obligations and established a dedicated hotline (+43 1 361 0366 548) and email address ([email protected]) for customer inquiries. As a precautionary measure, the company urged users to reset their portal passwords via the "Passwort vergessen" function despite the absence of confirmed credential compromise. The attackers’ identity and motives remained undetermined as of the latest update, with ongoing investigations focused on attribution and data impact verification. Legal recourse options were reserved pending further analysis of the intrusion’s technical and jurisdictional aspects.
