Cyber Incident Victim: Black and White Cabs

Date: Jan 2023

Location: Australia

Summary

A cyber attack involving a CryptoLocker virus disrupted Black and White Cabs' dispatch, administration, and booking systems, forcing the temporary shutdown of customer-facing services. The company engaged cybersecurity experts and its IT team for forensic investigation, reporting the incident to the Australian Cyber Security Centre. While no evidence of customer data compromise was found, additional security measures were implemented as a precaution. Restoration efforts prioritized containment, with phone bookings—representing over 80% of operations—resuming after partial system recovery. The attack was suspected to originate from a phishing vector, encrypting network contents and causing prolonged operational outages.

Description

On January 31, 2023, Black and White Cabs detected suspicious activity on its network, prompting an immediate investigation. By the afternoon of February 1, the company confirmed a serious cybersecurity threat had compromised its dispatch and administration systems. Managing Director Greg Webb announced on February 2 that forensic analysis identified a CryptoLocker virus infiltrating the network, though investigations revealed no evidence of unauthorized access to customer, driver, operator, or staff data. The attack forced the company to take all customer-facing systems offline, including phone and online booking platforms, which handled over 80% of reservations. External cybersecurity experts were urgently dispatched from Sydney to assist the internal IT team in containment and recovery efforts. Black and White Cabs reported the incident to the Australian Cyber Security Centre (ACSC) in compliance with mandatory cyber incident reporting requirements.

The company implemented additional security measures across its network as a precautionary step while maintaining partial operations through staff working in-office and fielding communications via phone, email, and in-person visits. Service restoration faced significant delays due to concerns about residual virus activity, with Webb emphasizing that resuming operations prematurely risked further compromise. By February 6 at 1pm AEST, critical phone booking systems were restored after a week-long outage, though broader system recovery timelines remained unspecified. Throughout the incident, the company provided regular updates via email, SMS, Facebook, and dedicated web page announcements, including an FAQ section for passengers published on February 3. Operational disruptions primarily affected booking capabilities, while customer data protection and system integrity remained the organization's stated priorities during remediation.
