Go-Ahead, the company that operates London’s buses and the Govia Thameslink Railway (GTR) has been hit by a cyberattack, it confirmed today.
A statement from the company released on Tuesday said train services were operating as normal following the breach, but did not specify whether bus travel had been impacted.
The company, based in Newcastle, runs bus services in London and many other parts of the UK, as well as Ireland and Singapore. GTR, meanwhile, accounts for around 25% of rail journeys in the UK.
How the Go-Ahead cyberattack happened
Go-Ahead detected unauthorised activity on its network on Monday, and immediately called in cybersecurity specialists to investigate.
“Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans,” a company statement said.
The statement added that there was “no indication that any customer data has been compromised”, and said the company had informed data watchdog the Information Commissioner’s Office as a precaution.
Though details of the breach are scarce, Javvad Malik, lead security awareness advocate at KnowBe4 said “it would not be a surprise to anyone if this turns out to be a ransomware attack.”
Malik added: “It does appear that Go-Ahead has an incident response plan in place and external specialists on retainer which should help them recover from the incident quicker.
“One of the important points of consideration is that no industry or vertical is, or can be assumed safe from cyber attacks. All organisations of all sizes can be potential victims, and with the greater reliance on digital systems, the impact can be huge. Therefore, investing in robust security controls that can protect, detect, and respond to attacks is no longer optional.”
Cyberattacks on UK public transport systems
Reported cyberattacks on UK public transport infrastructure are relatively rare. Last year, Nottingham City Transport, which runs public transport services in the city, said it was hit by hackers, causing “intermittent disruption” to services.
Last July, the self-service ticketing system of the Northern rail franchise was targeted in what was thought to be a ransomware attack. The ticketing system, which cost £17m to install at stations across the network, had only been running for a week before it was targeted by criminals, causing it to be out of action for seven days.
“We immediately instigated our major incident procedure in order to protect other parts of the network and our checks have shown there has been no compromise to any personal data,” a spokesman for Flowbird, the technology vendor behind the system, told the BBC at the time.
Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit NSMG.live.