Ongoing Problems at Deutsche Bahn Caused by Cyberattack

Summary

Deutsche Bahn suffers ongoing IT disruptions due to a targeted DDoS cyberattack starting from Tuesday midday, affecting ticketing and connection search systems.

Deutsche Bahn has been suffering from continuing IT disruptions caused by a significant Distributed Denial of Service (DDoS) cyberattack that began on Tuesday, 18 February 2026 around midday. The attack, targeting Deutsche Bahn systems in waves, has led to problems with connection searches, ticket display, and completing bookings on both the Bahn-App 'DB Navigator' and the website bahn.de. Initially, Deutsche Bahn had indicated the issues were resolving, but later revoked that assurance and confirmed severe ongoing impacts. Deutsche Bahn is working closely with federal authorities but has declined to comment on the attack’s origins, emphasizing customer data protection and system availability as top priorities. The head of Germany's Federal Office for Information Security (BSI) described the incident as an unusually large-scale attack generating billions of requests per minute, highlighting the unprecedented dimension of the DDoS assault. The Federal Ministry of the Interior refrained from commenting on investigation status, citing the very early phase of inquiry.

Evidence

"The current attack is specifically directed at DB and is occurring in waves," said Deutsche Bahn in a statement. "The extent is considerable."
"The attack is a DDoS attack (Distributed Denial of Service) which began Tuesday midday," Deutsche Bahn confirmed.
"Our defense mechanisms are working," Deutsche Bahn added. "We are in close exchange with federal authorities and will not comment on speculation about motives. Our highest priority remains the protection of customer data and availability of our information and booking systems."
The head of the Federal Office for Information Security (BSI) said to WDR: "This is a very large-scale attack. We're talking about billions of requests per minute. This kind of DDoS attack is clearly 'the bigger edge' and has no everyday dimension."
"It is a very, very early point in time to expect results from clarification and investigations," said a spokeswoman from the Federal Ministry of the Interior.

Classification

Confidence: High

The article clearly states that Deutsche Bahn is targeted by a large-scale, ongoing cyberattack identified as a DDoS attack. The source includes official statements from Deutsche Bahn and the German Federal Office for Information Security (BSI), clearly attributing the event as a hostile aggressor action affecting critical transport infrastructure IT systems.