Landeshauptstadt Stuttgart

Landeshauptstadt Stuttgart is the official administrative designation for Stuttgart in its role as the state capital (Landeshauptstadt) of Baden-Württemberg, Germany's third-largest federal state by population. With a population of approximately 630,000, Stuttgart is one of Germany's most significant industrial cities: it is the global headquarters of Porsche AG and Mercedes-Benz Group AG, two of the largest automotive manufacturers by revenue, and home to the Messe Stuttgart trade-fair complex and Stuttgart Airport. The city's municipal government administers substantial digital infrastructure serving the local authority, public services, and utilities.

On 19 May 2026, the Rhysida ransomware crew listed the Landeshauptstadt Stuttgart on its data-leak site, threatening a double-extortion publication of exfiltrated municipal data. Rhysida operates the ransomware-as-a-service (RaaS) affiliate model, succeeding Vice Society in the same operator lineage. At the time of writing, no German federal authority had issued a public response, and no data publication had occurred. The incident places a ransomware claim against the municipal government directly upstream of the headquarters of two globally listed automotive OEMs: a breach of city-government systems that hold contracting, permitting, and employee data relevant to the companies headquartered there reads as a supply-chain exposure for Porsche and Mercedes-Benz, even if those companies' own IT infrastructure is separate from the city's.

The Stuttgart claim extends the cross-jurisdictional CNI picture built in the same week by the South Staffordshire Water ICO fine and the West Pharma SEC 8-K, adding a German municipal target to a pattern that spans UK water utilities and US pharma manufacturers. Germany has not yet enacted implementing legislation for NIS2 Directive obligations that would impose mandatory 24-hour notification on essential-service operators of Stuttgart's infrastructure class.