UK transport firm Go-Ahead hit by cyber attack
IBM has been asked to assist in the recovery
UK transport company Go-Ahead Group has disclosed that it has been the target of a cyber attack that compromised the software used to schedule bus drivers and services.
The Newcastle-based firm told The Guardian that it discovered a server issue late on Sunday, which became more widespread the next day, affecting back office systems, including bus services and payroll software.
The company said that as soon as it learned about the incident, it quickly hired outside forensic experts and took measures to strengthen its IT infrastructure.
The business said it is carrying out its incident response plans and looking into the nature and scope of the event.
To guarantee that its bus services can continue to operate, Go-Ahead is collaborating with IBM to activate backup systems.
The company's rail operations, which use distinct systems, are operating normally both in the UK and overseas.
Go-Ahead is a major supplier of bus services in the UK and the biggest bus operator in London. It operates Go North East buses and also runs train operator Govia Thameslink Railway as a joint venture with Keolis in the capital.
Outside the UK, Go-Ahead runs bus lines in Singapore, Sweden, and Ireland, as well as rail services in Germany and Norway.
According to the company, there is no evidence that any consumer data was compromised as a result of the cyber incident.
"We're doing everything possible to ensure services continue without interruption but if services are affected we'll inform our customers using social media," a spokesperson said.
The company has notified relevant agencies, including the UK's Information Commissioner's Office [ICO], as a precaution.
The ICO penalised British Airways £20 million in 2019 over a data breach. Additionally, hotel chain Marriott was fined £18.4 million for a hack that exposed the details of 339 million customers worldwide.
Governments, businesses, and other organisations have been the targets of an increasing number of cyber attacks in recent years.
Following an attack last month on an NHS supplier, doctors have been forced to record care notes using paper and pen.
"The attack on Go-Ahead is another clear illustration that cyber criminals pose a very real threat to every industry. Whether it's healthcare services or transport networks, cyber criminals will go above and beyond to cause widespread disruption to organisations and their services," said Ian McShane, VP of Strategy, Arctic Wolf.
"While the main cause of the attack is unknown, I'm willing to bet it's ransomware, especially now they say it has spread from 'its server' to other critical systems, such as payroll and bus service software. This is another reminder of how cyber attacks can have real, far-reaching consequences for not only the organisations they're targeting, but for ordinary people," he added.
Andy Norton, European cyber risk officer at Armis, commented: "It's unsurprising to see threat-actors targeting key sectors within UK infrastructure. It's clear they aim to be as disruptive as possible to further their malicious agendas particularly as transport is highlighted as being at risk from increasing cyber-attacks."