Cyber Incident Victim: Red Funnel
Date:
Sep 2020
Location:
United Kingdom
Summary
A ferry operator experienced a malicious cyberattack that corrupted its IT systems, disrupting online and telephone booking services along with timetable access. The incident caused operational strain, prompting advisories for passengers to arrive early for sailings and purchase tickets in person at terminals. The company confirmed no evidence of data theft or personal information leaks, emphasizing that customer payment card details were not stored within compromised systems. Restoration efforts focused on reinstating basic online booking functionality while maintaining limited ticket sales via physical offices.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Red Funnel, a ferry operator serving routes across the Solent between Southampton and the Isle of Wight, experienced a significant disruption to its operations beginning on Monday, September 28, 2020, when its IT systems were compromised by what the company described as a malicious attack. The attack corrupted critical systems, rendering online and telephone booking platforms inoperable and disabling timetable access for customers. Chief Executive Fran Collins characterized the incident as an intentional effort to strain operations and force system failures, though no evidence indicated data theft as a motive. The disruption prevented passengers from making advance reservations, prompting the company to advise travelers to arrive well in advance of sailings to purchase tickets in person. Red Funnel operates two primary services: a high-speed foot passenger ferry between Southampton and West Cowes and a vehicle ferry linking Southampton with East Cowes, both impacted by the IT outage. Initial investigations focused on determining whether customer data had been exfiltrated, but the company confirmed its systems did not store credit or debit card details, eliminating financial data exposure risks.
The company initiated containment and recovery measures immediately after detecting the attack, prioritizing an assessment of potential personal data leaks. Forensic analysis revealed no evidence of unauthorized access to or exfiltration of customer information. While full system functionality remained impaired, Red Funnel established workarounds by directing customers to purchase day return and single tickets at physical ticket offices in East Cowes and Southampton. Concurrently, technical teams worked to restore a basic version of the online booking system to resume partial digital service capabilities. Operational impacts persisted throughout the incident response phase, with no public timeline provided for full system restoration. Red Funnel’s public communications emphasized operational transparency regarding attack motives and data security while maintaining customer guidance on alternative ticket purchasing methods amid continued service disruptions.