UK’s ferry service operator Wightlink has recently admitted a data breach following a cyberattack. While specific details about the incident remain unclear, the firm assured that the incident did not impact its operations.
Wightlink Ferry Service Data Breach
Wightlink is a prominent ferry operator offering services in the South of England, connecting the Isle of Wight and Hampshire. The firm has garnered a vast customer base with impressive services. But recently, it reached out to its customers for a not-so-good reason.
According to media reports, Wightlink informed customers about a data breach that the firm suffered following a cyberattack.
Elaborating further via a statement to the media, the company admitted to facing a “sophisticated cyberattack”. The incident happened last month, impacting some “back office IT systems”, despite all the security measures in place.
Consequently, the incident resulted in a data breach, affecting customers’ and staff’s personal information. Nonetheless, the incident didn’t involve card details since the service never stores one.
Wightlink does not process or store payment card details for bookings. However, the investigation has identified a small number of customers and staff for whom other items of personal information may have been compromised during the incident.
After detecting the incident, Wightlink started investigations by involving cybersecurity experts. Also, they reported the matter to the UK Information Commissioner Office (ICO).
While the firm suffered a data breach, it assured its operations remained unaffected.
Commenting further on the matter, Keith Greenfield, Chief Executive Wightlink, said,
This was a highly sophisticated criminal attack on an essential service. I would like to thank all my colleagues at Wightlink who responded quickly ensuring that the impact to customers was minimised and that cross-Solent travel and bookings were unaffected.
Until the time of writing this story, Wightlink has shared no further details about how the attack happened, the nature of the attack, the identification of the attackers, and other related information.