Hacker attack on Sixt – booking system temporarily restricted
Stand: 02.05.2022
Sixt has become the victim of a cyber attack. Hackers have successfully attacked the central IT system. There were occasional problems with online bookings and the hotline. However, Germany’s largest car rental company was not completely surprised.
Sixt was warned and even looked for weak points itself beforehand. But all precautions did not help. Now one of the largest car rental companies in Europe has also been attacked by hackers, who initially restricted business operations worldwide and in some cases even paralyzed them.
As early as April 29, there were first reports of the failure of the Sixt booking system. But it was only two days later that Sixt published a brief English-language note to the financial markets and admitted a cyber attack.
There is no indication in the notification whether the cyber attack was linked to an attempt to blackmail the platforms or to theft of data. A Sixt spokeswoman was also unable to provide any information on this. It was an attack on the central IT system used worldwide, it said.
Shortly thereafter, the system largely restarted with restrictions on the hotline. On the stock exchange, ordinary and preferred shares came under only slight pressure. Bookings were largely possible again. However, customers were asked to be patient.
According to Sixt, it was able to contain the cyber attack at an early stage. As is usual in such cases, access to IT systems was restricted as a standard precautionary measure.
Previously, there were reports that customers could only rent and return their vehicles on paper forms and no longer on screen. The hotline could not be reached.
Cyber attack on the central Sixt IT system
The successful cyber attack on the central Sixt IT system shows another example that hackers can even penetrate corporate systems that are supposedly well protected. Germany’s largest car rental company was not completely surprised by the attack. In the 2021 annual report, Sixt points out that there were “numerous attacks” on the IT system again last year.
Both the number and the variants and the complexity of the attacks have increased. For 2021, however, Sixt was still able to report that there was no significant damage or impairment.
Like many companies, Sixt also tried to protect against a cyber attack and, according to its own statements, regularly carried out so-called “penetration tests”. Attacks on the IT system are simulated in order to find weak points.
In addition, Sixt has “bug bounty programs” in which bonuses are paid for finding errors in the software or opportunities to penetrate the IT systems. But these protective measures and employee training obviously did not help.
Sixt reports record numbers again
Sixt relies on the functioning of its IT system to operate its diverse mobility offerings. The group maintains a large IT department itself and employs software experts in Bangalore, India, to program its app.
The cyber attack hit Sixt at a time when the group was again reporting record numbers after previous slumps due to the corona pandemic. In 2021, sales increased by 49 percent to 2.28 billion euros and profit before tax soared from a loss of 81.5 million euros in 2020 to a new record level of 442.2 million euros. The upward trend continued in the first quarter of 2022, with higher rents also contributing to the improvement in earnings.
“Everything on shares” is the daily stock exchange shot from the WELT business editorial team. Every morning from 7 a.m. with the financial journalists from WELT. For stock market experts and beginners. Subscribe to the podcast on Spotify, Apple Podcast, Amazon Music and Deezer. Or directly via RSS feed.