A Deutsche Bahn blog post said that a distributed denial of service attack knocked the operator’s website and booking systems offline across its subsidiaries, with effects first felt about 15:45 UTC on 17 February, the DB Navigator app and bahn.de experiencing issues, services restored with temporary limitations by about 1300 UTC on 18 February, and the post not elaborating on perpetrators or whether customer data was compromised.
KEY FACTS
- Incident Distributed denial of service attack disrupted booking and timetable systems
- Services affected bahn.de and the DB Navigator app
- Start about 1545 UTC on 17 February
- Restoration Services restored with temporary limitations by about 1300 UTC on 18 February
- Unknowns attacker identity and whether customer data was compromised not disclosed
The outage prevented users from booking trips and checking timetables on the affected platforms while the disruption persisted.
Temporary limits were applied as services were brought back online and network defence measures reduced the disruptive traffic that caused the outage.
DDoS attacks typically aim to flood services with traffic and often run for only a few hours, which matched the timeline of this incident.
WHY IT MATTERS
The outage interrupted booking and timetable access for hundreds of thousands of travellers and shows how reliance on centralised online systems can affect service availability. Restoration reduced immediate disruption while questions remain about the attacker’s identity and data security.