Cyber Incident Victim: Touring Club Royal de Belgique A.S.B.L.

On the morning of November 25, 2022, Touring Club Royal de Belgique A.S.B.L. experienced a disruptive cyberattack that compromised its operational systems. The attack immediately disrupted the organization’s entire data center infrastructure, forcing Touring to isolate and shut down the affected systems to contain further damage. This emergency measure rendered most telephone and email communications inoperable during the initial hours, significantly impairing roadside assistance services. While some telephone lines were manually restored later that day, call handling capacity remained severely limited due to reliance on manual processes, resulting in prolonged wait times for customers seeking assistance. The organization’s website remained functional throughout the incident, enabling limited customer support through an online contact form. By November 30, Touring had rerouted all telephone lines to restore normal service levels, with call volumes approaching pre-attack capacity.

The attack caused sustained service disruptions throughout the weekend following the initial incident, with Touring publicly acknowledging that some customers received suboptimal assistance during this period. No threat actors made contact with the organization, and no ransom demands were issued. Touring reported the incident to law enforcement authorities, who initiated an investigation to identify the perpetrators. Operational impacts were confined to communication systems, with no reported compromise of customer data or financial systems. The organization issued a formal apology to affected customers and contextualized the incident within broader cybersecurity trends affecting European entities, though it did not disclose technical details regarding the attack vector or duration of forensic investigations. Service restoration efforts prioritized communication channel recovery while maintaining website availability as an alternative support mechanism.