Miniatur Wunderland Target of IT Attack: Credit Card Data Leaked
The online booking system of Miniatur Wunderland in Hamburg became the target of a cyberattack. Ongoing investigations suggest that cybercriminals gained access to its payment transaction system, potentially compromising sensitive data.
Details of the Cyberattack
A spokesperson for the renowned model railway exhibition confirmed the incident, noting that credit card information had been stolen during the attack.
“Unknown individuals have inserted malicious code into a module of our online ticket booking system. No credit card data stored with us was stolen—we do not store any payment data locally,”
The statement explained that the attackers had manipulated data traffic between Miniatur Wunderland’s server and its payment service provider, enabling them to access data during the payment process.
“According to the current status, the data traffic between our server and the payment service provider was manipulated, allowing the malicious code to read data during the payment process.”
Immediate Response and Investigation
As a precaution, all affected customers were notified, and the incident was reported to data protection authorities. The police and external IT forensic specialists are working to determine how the breach occurred and assess the scope of the damage.
“As a precaution, we have informed all visitors who booked tickets during the affected period and immediately reported the incident to the data protection authority. The police and external IT forensic experts are currently investigating how the attack could have occurred and the exact extent of the manipulation.”
System Recovery
The company stated that after detecting the breach, all affected systems were cleaned and replaced with new ones within 72 hours, fully restoring security.
“All systems were immediately cleaned after confirmation of the initial suspicion and replaced with completely new systems within 72 hours.”
Author’s Summary
Miniatur Wunderland quickly recovered from a cyberattack that exposed credit card data by reinstalling systems and cooperating with investigators to ensure customer safety.