WIGHTLINK SUFFERS ‘SOPHISTICATED’ CYBER ATTACK EXPOSING CUSTOMERS’ DETAILS

SerocuThe names, addresses, bank details and signatures of some Wightlink customers have been compromised following a sophisticated cyber attack on the cross-Solent operator’s IT infrastructure, it has been revealed.

Wightlink is in the process of contacting affected customers about the data security incident and has reported the matter to the Police, with the South East Regional Organised Crime Unit currently investigating the matter.

The company says that it was on 7th February this year that it discovered Wightlink had been the victim of a criminal cyber-attack via unauthorised activity on the company’s IT systems, which has resulted in some customer personal information being accessed.

Article continues below this advertisement

Security experts are said to have been carrying out extensive investigations into the incident, with confirmation that compromised data may include customer’s first name, last name, bank account number and sort code, address and signature.

In a statement issued tonight, Wightlink has told Island Echo:

“Unfortunately, despite Wightlink taking appropriate security measures, some of its back office IT systems were affected by a cyber attack last month. However, this criminal action has not affected Wightlink’s ferries and FastCats, which have continued to operate normally during and following the attack, nor were its booking system and website affected.

“As soon as the incident was discovered, Wightlink engaged specialist cyber security experts to investigate and assess the situation and reported the matter to the Information Commissioner’s Office (ICO). Wightlink is also liaising with the South East Regional Organised Crime Unit.

“Wightlink does not process or store payment card details for bookings. However the investigation has identified a small number of customers and staff for whom other items of personal information may have been compromised during the incident.

Article continues below this advertisement

Wightlink Chief Executive Keith Greenfield says:

“This was a highly sophisticated criminal attack on an essential service. I would like to thank all my colleagues at Wightlink who responded quickly ensuring that the impact to customers was minimised and that cross-Solent travel and bookings were unaffected.”

Wightlink says it will be making no further comment at this stage as the matter is an ongoing criminal investigation.

Don’t miss another story! Get the Island’s latest news delivered straight to your inbox. Sign up to our daily newsletter here.

Article continues below this advertisement

The views/opinions expressed in these comments are solely those of the author and do not represent those of Island Echo. House rules on commenting must be followed at all times.
12 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Sharon
Sharon
3 months ago

Why on earth has this taken over a month to come out. Diabolical considering customers are possibly effected!

Tyler
Tyler
3 months ago

7th of feb and we have just been told?? And good news they haven’t been affected when the customers bank details have been taken….. lucky Wightlink’s want one of them

Islander
Islander
3 months ago

Over 1 month to tell us, your customers, that our bank details and personal information etc may have been compromised!! Disgraceful.

Malcolm
Malcolm
3 months ago

I bet this “highly sophisticated” attack was someone clicking on a link in a phishing email!

fred
fred
Reply to  Malcolm
3 months ago

Or log4j and their website not sanitising user input. Drop a special string on their site and get full access.

xkcd 327 🙂

J B
J B
3 months ago

The ICO says:

At a glance

Part 3 of the DPA 2018 introduces a duty on all organisations to report certain types of personal data breach to the Information Commissioner. You must do this within 72 hours of becoming aware of the breach, where feasible.

If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.

Wightlink customer
Wightlink customer
3 months ago

Could this be people who asked for multi link pass refunds due to covid travel ban perhaps ? I have had the ‘I’m affected’ email from them and checked back in my emails and they wanted bank details and signature posted to them with the passes for a refund .. It would be useful to know the exact group of customers affected as this might ( slightly ) reassure those who were not affected !

Wightlink customer
Wightlink customer
3 months ago

The more I think about this the more angry I become. This could ruin lives e.g. loans being taken out against our names. Wightlink how about also paying the £25 fee for us to register for cifas registration. ( identity fraud ). Not that £25 will make much difference if we lose thousands and lose our ‘ identities’. We all know the police and authorities do nothing about identity and financial fraud.

Still Here
Still Here
3 months ago

Yet another extremely strong case to bring back the booking office and booking clerk and to hell with all this on-line rubbish we are continually plagued with. And then when there is a critical crew member missing (the booking clerk) free travel will be available. That won’t happen for sure!

Mojo
Mojo
3 months ago

Wight.ink will loose or claim if any loss or take it on the chin they can afford to but the poor paying customers can’t .
compensation is due as this will play havoc on people’s minds , worrying etc

fred
fred
3 months ago

Who says it’s “SOPHISTICATED”? Maybe an inexperienced developer may think that but a script kiddy will say it was childs play.

Give details of how it was done and let us decide if it was “SOPHISTICATED”

Ian Johnson
Ian Johnson
3 months ago

Over a month to publicize this-absolutely disgusting. Wightlink obviously care nothing about their customers, only how this news might effect future bookings.

 

Join our daily newsletter

News, Traffic & Travel Tweets