London's Biggest Bus Operator Hit by Cyber "Incident"

Written by

Travellers in London are braced for more delays after the city’s largest bus operator revealed it has been hit by a “cybersecurity incident,” according to reports.

Newcastle-based transportation group Go-Ahead shared a statement with the London Stock Exchange indicating “unauthorized activity” had been discovered on its network yesterday.

“Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans,” it stated.

“Go-Ahead will continue to assess the potential impact of the incident but confirms that there is no impact on UK or International rail services which are operating normally.”

However, the same may not be true of its bus services. Sky News reported that bus and driver rosters may have been impacted by the attack, which could disrupt operations.

Go-Ahead operates multiple services in the South, South West, London, North West, East Anglia, East Yorkshire and its native North East.

It is London’s largest bus company, operating over 2400 buses in the capital and employing more than 7000 staff.

The firm also operates several high-capacity railway services in the UK including Great Northern, Thameslink, Gatwick Express and Southern.

The incident comes just weeks before Go-Ahead is due to be acquired by a consortium of Australia and New Zealand's largest bus network, Kinetic, and Spanish firm Globalvia. The acquisition previously estimated the value of the UK business at £669m.

It’s too early to say yet whether the “incident” is ransomware, but threat actors have targeted mass public transit systems frequently in the past.

Previous victims have included subway operators in Toronto, San Francisco and New York.

What’s hot on Infosecurity Magazine?