Cyber Incident Victim: COUNT+CARE GmbH

On June 12, 2022, a cyberattack targeted an IT service provider shared by multiple German municipal service companies, including Frankfurt-based waste management firm FES (Frankfurter Entsorgungs- und Service-Gruppe) and Darmstadt energy provider Entega. The attack compromised systems at the shared IT provider, prompting FES to proactively disconnect all servers linked to the service as a containment measure. This action disrupted FES's online platforms for bulk waste pickup scheduling and customer portal access, though core operational services like trash collection, street cleaning, and waste incineration plant functions remained unaffected. Simultaneously, Entega reported widespread email system outages affecting all 2,000 employees and took corporate websites offline, while emphasizing no disruptions to electricity, gas, or water delivery. The incident's scope expanded when Mainz utility provider Mainzer Stadtwerke confirmed identical impacts on their public-facing websites, email servers, and swimming pool booking systems due to their reliance on the same compromised IT provider.

All affected organizations maintained segregated protections for critical infrastructure, preventing operational impacts on power grids, water networks, or gas distribution systems. FES emphasized preparedness through contingency plans allowing continued service delivery via manual processes during IT outages. Recovery timelines depended entirely on the third-party IT provider's ability to restore its Darmstadt data center operations, with no public disclosure of restoration milestones. Investigations by Hesse State Criminal Police found no immediate evidence attributing the attack to specific threat actors or establishing motives. The incident highlighted supply chain vulnerabilities in municipal service ecosystems, with coordinated response measures successfully preventing data breaches or essential service interruptions despite prolonged ancillary system downtime.