September 6, 2022, updated 07 Sep 2022 4:04am

Operator of London buses and Govia Thameslink Railway hit by cyberattack

Public transport company Go-Ahead says it believes no customer data has been compromised in the breach.

By Matthew Gooding

Go-Ahead, the company that operates London’s buses and the Govia Thameslink Railway (GTR), has been hit by a cyberattack, it confirmed today.

London bus operator Go-Ahead has been hit by a cyberattack. (Photo by MarioGuti/iStock)

A statement from the company released on Tuesday said train services were operating as normal following the breach, but did not specify whether bus travel had been impacted.

The company, based in Newcastle, runs bus services in London and many other parts of the UK, as well as Ireland and Singapore. GTR, meanwhile, accounts for around 25% of rail journeys in the UK.

How the Go-Ahead cyberattack happened

Go-Ahead detected unauthorised activity on its network on Monday, and immediately called in cybersecurity specialists to investigate.

“Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans,” a company statement said.

The statement added that there was “no indication that any customer data has been compromised”, and said the company had informed data watchdog the Information Commissioner’s Office as a precaution.

Though details of the breach are scarce, Javvad Malik, lead security awareness advocate at KnowBe4, said “it would not be a surprise to anyone if this turns out to be a ransomware attack.”

Malik added: “It does appear that Go-Ahead has an incident response plan in place and external specialists on retainer which should help them recover from the incident quicker.

“One of the important points of consideration is that no industry or vertical is, or can be assumed safe from cyber attacks. All organisations of all sizes can be potential victims, and with the greater reliance on digital systems, the impact can be huge. Therefore, investing in robust security controls that can protect, detect, and respond to attacks is no longer optional.”

Cyberattacks on UK public transport systems

Reported cyberattacks on UK public transport infrastructure are relatively rare. Last year, Nottingham City Transport, which runs public transport services in the city, said it was hit by hackers, causing “intermittent disruption” to services.

Last July, the self-service ticketing system of the Northern rail franchise was targeted in what was thought to be a ransomware attack. The ticketing system, which cost £17m to install at stations across the network, had only been running for a week before it was targeted by criminals, causing it to be out of action for seven days.

“We immediately instigated our major incident procedure in order to protect other parts of the network and our checks have shown there has been no compromise to any personal data,” a spokesman for Flowbird, the technology vendor behind the system, told the BBC at the time.
