Miniature museum in Hamburg suffers cyberattack, leaks credit card data

Published: 11 November 2025
miniature-wunderland
Image by Cybernews.

Miniatur Wunderland, a popular miniature museum in Hamburg, has informed a number of its visitors of a “data protection incident.” Attackers might have gained access to the credit card data of hundreds of thousands of people.

In April, an individual released irritant gas at the Miniatur Wunderland, one of the most popular tourist attractions in the northern German city and considered the largest model train exhibition in the world.

46 people suffered minor injuries, and all visitors were evacuated. However, half an hour later, the building was cleared for re-entry.

ADVERTISEMENT

Yet, the impact of another attack might be significantly bigger. A number of people who have visited the museum in the last few months just received an email informing them about “a data protection incident” and the possibility that their personal data may be affected.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

“The Miniatur Wunderland was the victim of a cyberattack, through which unauthorized third parties may have gained access to your credit card data,” the email reads.

“We believe that the order page of our ticket shop was compromised and the credit card data was therefore not only transmitted directly to our payment provider but also to a separate server.”

museum-email
Image by Cybernews.

Cybernews has reached out to the Miniatur Wunderland for a comment on the alleged incident and will update the article once a reply is received. The museum hack has not been mentioned on dark web forums so far.

The incident is believed to have impacted online credit card orders placed between June 6th and October 29th.

ADVERTISEMENT

Since more than 1.5 million people visit the museum every year, it’s safe to presume that tens, if not thousands, could be affected by the cyberattack, although, of course, not all visitors purchase their tickets online in advance.

The museum assumes that all credit card data (cardholder name, card number, CVV, valid until) entered for orders in the online ticket shop has been affected by the incident.

miniatur-museum-hamburg
Image by Getty Images/picture alliance.

“We cannot exclude that the data may be misused. The incident may therefore lead to negative consequences for you, such as financial losses through unauthorized card transactions or identity theft,” said the Miniatur Wunderland in the email sent to visitors.

The museum added that after finding out about the incident, it immediately isolated the affected server. However, it can be assumed that visitors’ personal data was leaking for almost five full months.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
Deutsch English Português (BR) Español Français Niederländisch Italian (IT)
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT