Berlin Transport Cyberattack Exposes 180,000 Customer Records

A third-party breach left thousands of BVG customers vulnerable. How did hackers access their personal details, and what’s next for data security?

, and Administrator

2025 December 31 . 9:04 AM

1 min read

In this image, we can see an advertisement contains robots and some text.

Berlin Transport Cyberattack Exposes 180,000 Customer Records

Berlin’s public transport operator, Berliner Verkehrsbetriebe (BVG), has confirmed a cyberattack on one of its service providers. The breach may have exposed up to 180,000 customer records, though no account passwords were compromised. Authorities are now investigating the incident while BVG takes steps to address the fallout.

The attack targeted a third-party provider working with BVG. According to initial reports, the stolen data includes names, postal addresses, email addresses, and customer contract details. However, no financial information or login credentials were accessed.

BVG has already informed affected customers and the relevant data protection authority. A special contact inbox has also been set up to handle inquiries from concerned users. The company emphasised that safeguarding personal data remains a top priority as the investigation continues.

While the broader cybersecurity risks in German public transport—such as vulnerabilities in the Deutschlandticket system—have been discussed since late 2024, no specific group or agency has yet been named as leading the probe into this particular incident.

The breach affects a significant number of BVG customers, with investigations still ongoing. Those impacted have been notified, and the company is working to prevent further unauthorised access. For now, no passwords or financial details appear to have been exposed in the attack.