Cyber Incident Victim: České dráhy

Date: Jan 2023

Location: Czechia

Summary

A cyberattack disrupted the railway operator's website and mobile application, critical for travel information and ticket purchases, causing prolonged outages. Services were partially restored while efforts continued to fully reinstate e-shop and app functionalities; passengers were accommodated onboard without surcharges during the disruption. The company acknowledged the incident publicly and apologized for the inconveniences, attributing the complications to external factors beyond their control, though specific attack details were withheld for security reasons.

Description

On or around January 4, 2023, České dráhy (Czech Railways) experienced a disruptive cyberattack targeting its public-facing digital services, including its primary website and the "Můj vlak" mobile application. These platforms, critical for passenger operations, provide real-time travel information and electronic ticket purchasing capabilities. The attack caused significant service outages, rendering both systems partially or fully inaccessible to users. Initial public notification occurred via the company’s Twitter account at approximately 19:30 local time, though the attack likely commenced earlier given the ongoing restoration efforts described by officials. By 20:00, the website remained nonfunctional for many users, indicating sustained disruption. The incident directly impacted travelers’ ability to access schedules or buy tickets digitally during peak evening hours.

České dráhy implemented immediate operational contingencies, instructing conductors to waive standard surcharges typically applied to onboard ticket purchases—a measure acknowledging the attack’s disruption to normal sales channels. Spokesperson Vanda Rajnochová confirmed gradual system restoration efforts were underway to return the e-shop and mobile application to full functionality, though no specific technical remediation steps were disclosed. The company issued a public apology for inconvenience caused to passengers, characterizing the disruption as beyond their preventive control. Rajnochová declined to elaborate on attack vectors, intrusion methods, or potential threat actors, citing security policy restrictions against divulging tactical details during active recovery. Service restoration timelines and final operational status were not explicitly defined in available communications.
