IT incident at Forscherfabrik Schorndorf: Buyers were redirected to Telegram
In the event of an IT incident at Forscherfabrik Schorndorf, data from more than 19,000 customers may have been leaked.
(Image: heise online / dmk)
The Forscherfabrik Schorndorf has experienced an IT incident. Data from more than 19,000 customers may be affected. When purchasing tickets, users were apparently redirected to an external Telegram group.
This is reported by the city of Schorndorf on its website. There, they inform about an IT security incident related to the Forscherfabrik's online ticket sales system. According to the report, it was discovered on January 9, 2026, that ticket buyers were being redirected to Telegram. Investigations so far have revealed that it was a targeted cyberattack, “in which a technical vulnerability was exploited” – but the city does not specify what it was.
“An externally operated and hosted booking system from Gantner Electronic GmbH Deutschland is impacted. An actual outflow of personal data could not be confirmed so far, but also not ruled out,” writes the city of Schorndorf. It further specifies, “Email addresses, passwords, as well as contact and address data of up to 19,238 individuals may be affected.” Customers who have created a password in the booking system should change it everywhere they use it, advises the city administration. However, it is much better not to reuse passwords at all.
Cleanup measures and investigations
After the city became aware of the incident, it informed the city administration's data protection officer, and a report was also made to the responsible data protection authority. The operator has blocked the affected IT systems and reconfigured them with additional security measures. “The operator is responsible for technical details regarding the booking system,” explains the city administration, emphasizing that they will closely monitor the processing of the incident and “continue to be available as a contact person for general and data protection law questions.”
Videos by heise
The incident is reminiscent of an IT attack on Miniatur Wunderland in Hamburg, which became known last November. There too, criminals had infiltrated malware into the online ticket booking system.
(dmk)
