Cyber Incident Victim: Wightlink

Wightlink, a UK ferry operator providing three routes between Hampshire and the Isle of Wight with over 4.6 million annual passengers, experienced a cyber attack in February 2022 that compromised certain back-office IT systems. The company described the incident as "highly sophisticated" and "criminal action" but confirmed ferry services, FastCat vessels, booking systems, and public-facing websites continued normal operations throughout the attack. Upon discovering the breach, Wightlink immediately engaged third-party cybersecurity experts to investigate the incident's scope and impact. The investigation revealed potential compromise of personal information belonging to "a small number of customers and staff," though the company emphasized it does not process or store payment card details for bookings. No operational technology controlling ferries or safety systems was affected, allowing uninterrupted service across more than 100 daily sailings during and after the attack.

Wightlink notified the UK Information Commissioner's Office (ICO) and collaborated with the South East Regional Organised Crime Unit while implementing containment measures. The organization directly contacted individuals whose personal data might have been exposed, though specific data types or exact numbers of affected parties weren't disclosed publicly. CEO Keith Greenfield acknowledged staff efforts in minimizing customer impact and maintaining cross-Solent transportation services. The company maintained that appropriate security measures were in place prior to the attack, indicating the adversaries circumvented existing defenses through advanced methods. Law enforcement involvement continued post-incident, with no further details provided about attack vectors, threat actors, or data recovery processes.