Brother's Art - stock.adobe.com

Bus company Go-Ahead fighting off cyber attack

Go-Ahead Group, which operates bus companies around the UK, says it is in the process of dealing with a cyber attack that may cause disruption to services

Go-Ahead Group, one of the largest bus operators in the UK, with franchises covering cities including Brighton, Hull, London, Newcastle, Oxford and Plymouth, has confirmed it is dealing with a cyber attack that appears to have downed key internal systems.

The firm – which also operates train companies, although these are unaffected – said it detected unauthorised activity on its network on 5 September.

Unconfirmed reports suggest there may have been impact to payroll and bus and driver rosters, which could result in service disruption similar to that seen during strike action as vital equipment and personnel are left in the wrong place at the wrong time.

A Go-Ahead spokesperson said: “Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans.

“Go-Ahead will continue to assess the potential impact of the incident but confirms that there is no impact on UK or international rail services, which are operating normally.

“As a precaution, Go-Ahead has notified relevant regulators, including the Information Commissioner’s Office [ICO] in the UK,” they said. “The Board will provide a further update as and when appropriate.”

At the time of writing, Go-Ahead had provided no indication of the precise nature of the incident, and it would be inappropriate to speculate further on this point.

Read more about cyber attacks

  • A potentially serious cyber attack on Cisco’s systems that began after a threat actor successfully exploited an employee’s carelessly secured credentials was thwarted without major damage.
  • While some NHS bodies are now recovering their services after the ransomware attack on a crucial software supplier, others are still being forced to rely on pen and paper, and some will be waiting months to recover.

John Davis, director for the UK and Ireland at the Sans Institute, a provider of cyber security training services, said the incident highlighted the potential for cyber crime to be used as a tool to cause widespread, real-world disruption.

“At a time of huge uncertainty and disruption – from the cost-of-living crisis to industrial action across transport services – the incident clearly shows hackers’ strategy to catch us off-guard,” he said. “No organisation is safe, and every citizen has a role to play in digital fortification, whether it’s protecting a country, a company or a consumer.

“Awareness and vigilance are vital weapons in our response to these threats,” said Davis. “Go-Ahead took immediate action to fend off the attack and implement its incident response plan to protect services, which sets a good example for other organisations.”

Read more on Hackers and cybercrime prevention