Canyon Bicycles GmbH

Canyon Bicycles GmbH, operating simply as Canyon, is a German manufacturer of bicycles that sells its products directly to consumers through an online model, bypassing traditional retail channels. The company serves a global market, with its operational reach evidenced by the existence of a dedicated US website that was disrupted during a significant cyber incident. Its core business involves the design, production, and sale of various bicycle types, positioning it as a notable direct-to-consumer brand in the competitive cycling industry. The company's scale and commercial importance are implicitly indicated by its selection as a target by sophisticated, professional cybercriminal groups specifically focused on corporate entities, as well as by the operational impact of attacks on its order processing systems.

The company's history includes two documented, severe cyber attacks that underline its status as a high-value target. In the Christmas period of 2019, Canyon Bicycles GmbH suffered a targeted attack where assailants encrypted portions of its internal software and servers. This incident, perpetrated by a group specializing in corporate targets, directly disrupted core business operations, causing processing delays for customer orders despite the public website and ordering portal remaining functional. The company's response was formal and involved immediate notification of criminal investigation authorities and data protection officials, leading to filed criminal charges. Following a forensic analysis by cybersecurity experts, countermeasures were implemented. More recently, in August 2020, the company experienced a ransomware attack that compromised internal systems, including email and collaboration platforms, and affected cloud-based storage functionality, resulting in data loss for some users. This incident prompted an internal employee alert from company leadership and initiated a prolonged system restoration effort. These events collectively demonstrate Canyon's experience with advanced persistent threats and its procedural adherence to regulatory and legal protocols following a security breach.