Cyber Incident Victim: Hamburger Verkehrsverbund
Date: May 2024
Location: Germany
Summary
A cyberattack targeted the Hamburger Verkehrsverbund, disrupting online ticket purchases through its app and website for nearly a full day. The attack aimed to overload systems and disable services, preventing users from logging into the primary app and forcing reliance on alternative anonymous purchasing methods. Services were fully restored following intensive mitigation efforts by the organization.
Description
On May 28, 2024, the Hamburger Verkehrsverbund (HVV) experienced a cyberattack that disrupted its online ticket sales systems for nearly 24 hours. The incident began on Tuesday afternoon, rendering the HVV app and web-based ticket purchases either nonfunctional or severely limited. Users attempting to access these platforms encountered an error message stating, "Wegen einer technischen Störung ist die Anmeldung in der hvv App derzeit nicht möglich. Bitte nutzt den anonymen Ticketkauf in der hvv App oder die hvv switch App." This technical disruption prevented standard authentication processes required for ticket transactions. HVV spokesperson Silke Seibel confirmed to MOPO that the organization was targeted by hackers whose objective was to overwhelm systems and cripple website functionality through excessive load. The attack specifically targeted the infrastructure supporting digital ticket distribution, though physical ticket machines and public transportation operations remained unaffected.

HVV's technical teams worked intensively to contain the attack and restore services throughout the disruption period. By Wednesday midday, approximately 24 hours after the initial outage, full functionality was restored to both the HVV app and internet-based ticket purchasing channels. The attack caused significant inconvenience to passengers relying on digital services during the disruption window, though alternative purchase methods like anonymous in-app transactions and the HVV Switch app remained available as temporary workarounds. No customer data compromise or financial system breaches were reported in connection with the incident. HVV did not disclose the specific mitigation measures it took, nor did it attribute the attack to any particular threat actor. Normal service resumed once the attack's impact on authentication and transaction systems was contained.
