Cyber Incident Victim: Designa Verkehrsleittechnik
Date:
Oct 2023
Location:
Germany
Summary
A cyberattack targeting a traffic control systems provider disrupted parking facilities in Ulm and Osnabrück, causing operational failures. The incident forced barriers to remain open, allowing free entry and exit without payment, while Osnabrück required manual traffic management during system outages. Municipal authorities confirmed the attack impacted third-party-operated payment and barrier systems but stated no customer payment data was compromised. Service restoration efforts were underway, with financial losses incurred from unpaid parking fees during the disruption period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 28, 2023, multiple parking facilities in the German cities of Ulm and Osnabrück experienced operational disruptions due to a cyberattack targeting systems managed by their external service provider, Designa Verkehrsleittechnik. In Ulm, parking garage barriers remained in the raised position starting Saturday morning, allowing unrestricted entry and exit without payment collection. Klaus Linder, head of Ulm's parking operations company, confirmed the incident resulted in no customer complaints despite the loss of revenue. The attack compromised the payment processing and barrier control infrastructure, forcing facilities into a de facto "open door" state. Osnabrück's parking garages operated by Osnabrücker Parkstätten-Betriebsgesellschaft (OPG) experienced parallel disruptions, with systems rendered inoperable from Saturday morning until evening. City officials attributed both incidents to a coordinated attack on Designa's centralized management systems.
Municipal responders implemented manual traffic control measures to maintain parking access during the outages. Osnabrück deployed staff to direct vehicles at garage entrances and exits while technicians worked to restore systems. Both cities confirmed no evidence of payment data exfiltration, indicating operational disruption rather than financial theft as the primary attack objective. Service restoration timelines differed between locations, with Osnabrück achieving partial functionality by Saturday night while Ulm's resolution progress remained unspecified in initial reports. The incidents demonstrated cascading effects on municipal services when third-party transportation infrastructure providers are compromised, though the precise attack vector and perpetrator remained unidentified in initial disclosures.