A United Kingdom-based ferry company called Wightlink has been struck by a highly sophisticated cyberattack conducted by an unidentified threat actor. Researchers said that the cyberattack may have affected the personal data of a few customers and staff connected to Wightlink.
The ferry operator released a statement saying that the cyberattack occurred in February. Wightlink claimed that the threat attack allegedly impacted a small number of IT systems. The ferry operators’ statement also claimed that their website, booking systems, or ferry services did not take any hit from the recently discovered attack.
The affected company has informed the UK’s Information Commissioner’s Office (ICO) and law enforcement agencies, clarifying that the potential victims of the cyberattack are also well informed about the current situation.
The ferry operator runs in three routes between the Isle of Wight (an island off the south coast of the UK) and the Hampshire in southeast England. They carry over 4 million passengers per year on approximately 100 daily ferry deployments.
Wightlink said that they are currently investigating the recent cyberattack against their systems.
Based on reports, Wightlink has taken appropriate security measures for the cyberattack. However, some of its back-office IT systems were already compromised by the attack last month.
Luckily, the cybercriminal’s action has not interfered with Wightlink’s ferry services, and its operation has continued its routine despite the attack. The booking systems and their websites are also unaffected.
Wightlink also said they immediately employed a third-party security firm to investigate the situation as soon as the intrusion was discovered. They also collaborated with the Southeast Regional Organised Crime Unite to identify the malicious threat actors responsible for the attack.
The victim addressed the attack against them smoothly, and the threat actors did not manage to crack any critical information from their system. However, cybersecurity experts suggest that the company should not let its guard down since another attack is possible.
