Skip to content

Cyberattack on GSW Disables Payment Systems – 60,000 Customers Affected

In brief: A cyberattack on a municipal utility provider disables its payment systems and forces 60,000 customers to make manual transfers; manipulated phishing emails are considered the likely entry point.

Gemeinschaftsstadtwerke (GSW) Kamen, Bönen and Bergkamen became the target of a cyberattack at the end of June and subsequently had to take all systems offline. The payment system failure now forces around 60,000 customers to make manual transfers for their electricity and water payments.

On Sunday, 28 June 2026, GSW fell victim to a cyberattack. As an immediate measure, the utility disconnected all internal systems and applications from the network – including the customer portal. The consequences of this shutdown extended to payment processing: direct debits for electricity and water due on 1 July 2026 could not be processed. According to GSW spokesperson Andrea Hihat, all customer segments are affected, totalling around 60,000 contracts.

The utility called on customers to manually transfer their payments. Required information includes name, customer number and billing unit; banking details can be found on the last invoice or contract confirmation. According to GSW, there are no immediate consequences for payers, as the utility intends to post late payments at a later date. However, Hihat warned of possible double bookings if individual transfers are made in parallel with automatic re-postings.

The Central Cybercrime Contact Point North Rhine-Westphalia (ZAC NRW), a department of the Cologne Public Prosecutor’s Office specializing in computer crime, is investigating on suspicion of computer sabotage. Chief Public Prosecutor Miriam Margerie places the case in a larger pattern: operators of critical infrastructure are regular attack targets, and 2026 has already seen several similar cases, often with ransom demands. The public prosecutor’s office declines to comment on the attack vector and the extent of damage – both are part of ongoing investigations. A possible data breach is to be clarified in the coming weeks.

Chief Public Prosecutor Margerie names manipulated emails with links as the probable entry point. Unlike in the past, such emails can now barely be distinguished from legitimate business communications using generative AI. The exact attack route has not yet been clarified. Furthermore, the attack has also restricted the bathing facility: the food offering was reduced because without functioning card payment, a reduced range is easier to manage in ongoing operations.


Source: www.it-daily.net · Published 2 July 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.

Share on: