Cyber Incident Victim: Danske Statsbaner

On October 29, 2022, Denmark's national railway operator DSB experienced a major operational disruption lasting several hours after a cyber attack compromised systems belonging to its IT subcontractor Supeo. The incident began when Supeo's software testing environment was infiltrated by unidentified criminal hackers, prompting the subcontractor to proactively shut down its servers as a containment measure. This server shutdown disabled critical functionality in DSB's train systems, specifically impairing locomotive drivers' ability to operate trains across the network. The cascading technical failure resulted in a nationwide standstill of DSB train services throughout Saturday morning and afternoon, stranding passengers and disrupting transportation infrastructure. DSB security chief Carsten Dam Sonderbo-Jacobsen confirmed the attack's economic motivation rather than targeting physical infrastructure, characterizing it as criminal activity seeking financial gain.

The railway operator learned of the incident through direct notification from Supeo regarding the compromised testing environment. While the attack did not directly target DSB's operational technology or critical train control systems, the interdependency with Supeo's IT infrastructure caused immediate operational paralysis. Investigators found no evidence of intrusion into DSB's core systems or safety-critical components. Service restoration commenced after Supeo completed security protocols on its systems, though the total recovery timeline spanned multiple hours. Authorities launched investigations to identify the perpetrators, but no attribution claims or responsible parties had been confirmed as of November 3, 2022. The incident highlighted supply chain vulnerabilities through third-party software providers, though DSB emphasized no passenger safety systems were compromised during the disruption.