View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 6, 2022updated 07 Sep 2022 4:04am

Operator of London buses and Govia Thameslink Railway hit by cyberattack

Public transport company Go-Ahead says it believes no customer data has been compromised in the breach.

By Matthew Gooding

Go-Ahead, the company that operates London’s buses and the Govia Thameslink Railway (GTR) has been hit by a cyberattack, it confirmed today.

London bus operator Go-Ahead has been hit by a cyberattack. (Photo by MarioGuti/iStock)

A statement from the company released on Tuesday said train services were operating as normal following the breach, but did not specify whether bus travel had been impacted.

The company, based in Newcastle, runs bus services in London and many other parts of the UK, as well as Ireland and Singapore. GTR, meanwhile, accounts for around 25% of rail journeys in the UK.

How the Go-Ahead cyberattack happened

Go-Ahead detected unauthorised activity on its network on Monday, and immediately called in cybersecurity specialists to investigate.

“Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans,” a company statement said.

The statement added that there was “no indication that any customer data has been compromised”, and said the company had informed data watchdog the Information Commissioner’s Office as a precaution.

Though details of the breach are scarce, Javvad Malik, lead security awareness advocate at KnowBe4 said “it would not be a surprise to anyone if this turns out to be a ransomware attack.” 

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Malik added: “It does appear that Go-Ahead has an incident response plan in place and external specialists on retainer which should help them recover from the incident quicker.

“One of the important points of consideration is that no industry or vertical is, or can be assumed safe from cyber attacks. All organisations of all sizes can be potential victims, and with the greater reliance on digital systems, the impact can be huge. Therefore, investing in robust security controls that can protect, detect, and respond to attacks is no longer optional.”

Cyberattacks on UK public transport systems

Reported cyberattacks on UK public transport infrastructure are relatively rare. Last year, Nottingham City Transport, which runs public transport services in the city, said it was hit by hackers, causing “intermittent disruption” to services.

Last July, the self-service ticketing system of the Northern rail franchise was targeted in what was thought to be a ransomware attack. The ticketing system, which cost £17m to install at stations across the network, had only been running for a week before it was targeted by criminals, causing it to be out of action for seven days.

“We immediately instigated our major incident procedure in order to protect other parts of the network and our checks have shown there has been no compromise to any personal data,” a spokesman for Flowbird, the technology vendor behind the system, told the BBC at the time.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit

Read more: AI is extending the scale and sophistication of cybercrime

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.