Miniatur Wunderland, one of Germany’s most visited attractions and the world’s largest model railway exhibition, has disclosed a cyberattack that may have exposed the credit card details of thousands of visitors.
The Hamburg-based museum confirmed in an email to affected individuals that attackers had likely compromised its online ticketing system, allowing unauthorized access to sensitive financial information. The breach follows a string of unusual incidents at the venue, including an irritant gas attack earlier this year that forced a brief evacuation.
Online Ticket Shop Compromised for Nearly Five Months
According to the museum’s notification, the cyberattack targeted its online order page, which was compromised to capture payment data. Instead of being transmitted solely to the museum’s official payment provider, the information was also sent to a rogue server controlled by attackers.
“The Miniatur Wunderland was the victim of a cyberattack, through which unauthorized third parties may have gained access to your credit card data,” the museum wrote to customers.
The breach is believed to have affected online credit card transactions made between June 6 and October 29, a window of nearly five months.
Credit Card and Personal Information Potentially Exposed
Miniatur Wunderland estimates that all data fields entered during online purchases may have been affected, including:
- Cardholder name
- Card number
- Expiration date
- CVV security code
The museum cautioned that this data could be exploited for unauthorized financial transactions or identity theft. Although more than 1.5 million people visit the museum annually, only a portion are likely impacted — primarily those who purchased tickets online during the affected period.
“We cannot exclude that the data may be misused. The incident may therefore lead to negative consequences for you, such as financial losses through unauthorized card transactions or identity theft,” the museum’s message warned.
Immediate Containment Efforts and Ongoing Investigation
Upon detecting the intrusion, Miniatur Wunderland said it isolated the compromised server to prevent further data exposure. However, investigators believe that personal and payment information may have been leaking undetected for several months before discovery.
Authorities have not yet disclosed how attackers infiltrated the system or whether malware or phishing vectors were involved.
The museum is urging affected customers to monitor their bank accounts for suspicious activity and contact their financial institutions if unauthorized charges appear.
The incident underscores how even family-friendly attractions can become prime targets for financially motivated cybercriminals, exploiting high visitor volumes and online sales systems to harvest valuable payment data.
