Nation / PlaceDE

Baden-Württemberg

A federal state in south-west Germany; its capital Stuttgart was named on the Rhysida ransomware leak site on 19 May 2026.

Last refreshed: 20 May 2026 · Appears in 1 active topic

Key Question

Is Baden-Württemberg's automotive manufacturing cluster exposed by a gap in Germany's NIS2 implementation?

Timeline for Baden-Württemberg

#419 May

Rhysida names Stuttgart on leak site

Cybersecurity: Threats and Defences

View full timeline →

Follow Cybersecurity: Threats and Defences →

Common Questions

Where is Baden-Württemberg and what is it known for?: Baden-Württemberg is a federal state in south-west Germany, bordering France and Switzerland. It is home to Porsche, Mercedes-Benz, and Bosch, making it the centre of German automotive manufacturing with a GDP of roughly €570 billion.
Why does the Stuttgart ransomware attack affect the whole of Baden-Württemberg?: Stuttgart is Baden-Württemberg's state capital and largest city. The Rhysida attack on city government systems touches shared state digital infrastructure and sits adjacent to the headquarters of Porsche and Mercedes-Benz, creating potential supply-chain exposure beyond the city alone.
Has Germany implemented the EU NIS2 cybersecurity directive?: Germany's transposition of NIS2 (in force from October 2024) was incomplete as of May 2026, meaning the mandatory 24-hour incident notification obligations for essential-service operators were not yet fully in force domestically.

Background

Baden-Württemberg is Germany's third-largest federal state by population (approximately 11.8 million) and one of its most economically significant, generating roughly €570 billion GDP annually. The state is the global home of German premium automotive manufacturing: Porsche AG and Mercedes-Benz Group AG are both headquartered in the state capital Stuttgart, and Baden-Württemberg also hosts Bosch, the world's largest automotive supplier, and ZF Friedrichshafen. The manufacturing cluster is heavily integrated, with supplier networks, research institutions, and municipal infrastructure deeply interlocked across the Stuttgart metropolitan area.

The state entered the cyber-threat picture in May 2026 when the Rhysida ransomware crew listed Landeshauptstadt Stuttgart, Baden-Württemberg's state capital and largest city, on its data-leak site on 19 May 2026 with a double-extortion data-dump threat. The direct victim is the municipal government, but the proximity of Stuttgart's city-government systems to the headquarters and regulatory infrastructure of the state's automotive anchors has widened the incident's assessed blast radius. Baden-Württemberg operates shared digital infrastructure for municipal, state, and public-sector functions; the extent to which any breach of city systems intersects with that shared estate has not been publicly confirmed.

Germany's incomplete transposition of the EU's NIS2 Directive (in force October 2024) means mandatory cyber-incident reporting obligations for essential-service operators in Baden-Württemberg have not yet been fully codified. That regulatory gap is directly relevant to how the Stuttgart incident is reported and investigated.

Source Material

Baden-Württemberg State Government

How the World Sees Them

Germany's incomplete NIS2 transposition is a live compliance issue for EU institutions; the Stuttgart incident adds pressure for faster domestic implementing legislation.

Germany

Baden-Württemberg's economic weight means a significant state-level cyber incident has national implications; the state generates nearly 20 per cent of German industrial output.

Automotive Industry

Porsche, Mercedes-Benz, and Bosch all have complex digital supply chains intersecting with state and municipal infrastructure; the Rhysida claim is the first direct ransomware threat to that intersection.

France and Switzerland

Baden-Württemberg borders both countries; shared infrastructure and cross-border industrial networks mean a significant disruption to the state would have immediate trans-border economic effects.