Overview

• Hackers targeted an external IT provider for the Berliner Verkehrsbetriebe (BVG), accessing customer names, addresses, emails, and customer numbers.
• The breach potentially affects 180,000 customer records, though passwords and financial data were not compromised.
• BVG has notified the Berliner Datenschutzbehörde and the affected customers, emphasizing its commitment to data protection.
• A comprehensive investigation is underway in collaboration with the external provider to determine the full scope and prevent future incidents.
• The Federal Office for Information Security (BSI) highlights BVG's classification as critical infrastructure, underscoring the elevated cyber risk for public transport operators.