Germany’s national railway operator, Deutsche Bahn, suffered a massive and sustained distributed denial-of-service (DDoS) attack this week that crippled its information and booking systems for nearly two days, causing widespread disruption for travelers across the country . The attack began on February 17 and continued in waves through February 18, specifically targeting the company’s website and “Navigator” mobile application.
According to Deutsche Bahn officials, the assault was “specifically targeted at the company” and executed in multiple waves designed to overwhelm the railway’s digital infrastructure . The attack flooded Deutsche Bahn’s servers with enormous volumes of traffic, with Germany’s Federal Office for Information Security (BSI) reporting that the DDoS campaign generated “billions of requests per minute” at its peak . This volume, described by BSI President Claudia Plattner as an “incredibly massive attack,” represented a significantly higher magnitude than typical daily DDoS operations .
The attack rendered Deutsche Bahn’s online booking systems, real-time travel information services, and mobile ticketing applications unavailable for extended periods on both days . While train operations themselves continued, passengers faced significant challenges purchasing tickets, checking schedules, or accessing digital travel documents. The disruption forced many travelers to rely on traditional paper tickets or in-person counter services, creating long queues at major train stations during peak travel hours.
Deutsche Bahn initially reported system stabilization on the evening of February 17, only to see services falter again the following morning as subsequent attack waves targeted the partially restored infrastructure . The company confirmed that the attack was specifically directed at its customer-facing digital services and not at operational technology controlling train movements or signaling systems.
Investigation and Response
German authorities are investigating the attack, though officials at the Federal Ministry of the Interior have declined to comment on specific attribution due to the early stage of the investigation . Deutsche Bahn is coordinating closely with the BSI and other cybersecurity agencies to analyze the attack infrastructure and implement enhanced defensive measures .
