Belgian mobility operator Mpact hit by ransomware

Mpact, a Belgian non-profit organization providing various mobility services, has suffered a severe cyberattack since Wednesday 21st of May 2024. Mpact offers several services under different brand names, including Mobitwin, which connects people with disabilities or low incomes to volunteer drivers.

Initially, Mpact employees believed the disruption was due to a technical failure. However, they soon discovered it was a cyberattack when a hacker collective sent a message demanding contact. Mpact suspects ransomware was installed on their servers, locking their systems and possibly demanding a ransom for data release. The organization has not contacted the hackers and immediately reported the incident to the police.

The attack disrupted Mobitwin's servers, preventing the registration of rides for its 40,000 users. It also impacted the Cambio telephone exchange, Belgium's largest car-sharing provider, rendering it unreachable.

Mpact has engaged a specialized private company to conduct a digital forensic investigation. This investigation aims to identify the compromised systems and determine the extent of accessed data. Due to the ongoing police investigation, the exact details of the hacker collective and the ransom demand have not been disclosed.