Cyber Incident Victim: Nottingham City Transport
Date:
Jul 2021
Location:
United Kingdom
Summary
A bus operator experienced a cyber-attack impacting its IT systems, prompting collaboration with cybersecurity experts and notification to the Information Commissioner's Office. While services continued operating normally, intermittent disruptions occurred due to unavailable operational systems, and email access remained compromised—passengers were advised to use phone or social media for assistance. The organization stated no personal data was believed accessed, and law enforcement initiated an investigation with specialist support. Customers and employees were acknowledged for their patience during the incident response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 15, 2021, Nottingham City Transport (NCT), a bus operator in Nottinghamshire, United Kingdom, publicly disclosed it had experienced a cyber-attack affecting its IT systems. The organization stated it engaged cybersecurity experts immediately upon detecting the breach, though the exact timing and method of initial intrusion were not specified. NCT’s internal IT team was alerted to the incident without delay, initiating a coordinated response. Nottinghamshire Police confirmed an active investigation, deploying specialist personnel to provide cybersecurity support and advisory services to the organization. Detective Inspector Ed Cook emphasized the operational involvement of law enforcement in assessing the breach. NCT proactively reported the incident to the UK Information Commissioner’s Office (ICO), adhering to regulatory obligations, though no evidence suggested unauthorized access to passenger or employee personal data at the time of disclosure.
The attack caused significant operational disruptions, particularly to NCT’s internal IT infrastructure. While bus services continued running according to published schedules, the company warned passengers of potential intermittent service disruptions due to the unavailability of critical operational systems. Email communications were completely inaccessible, prompting NCT to direct customers to alternative contact channels—primarily phone support and social media platforms—for issue resolution. NCT acknowledged the incident caused "great inconvenience" to passengers and employees but maintained service continuity through manual or contingency procedures. The organization committed to providing further updates as recovery efforts progressed, publicly thanking stakeholders for their patience while emphasizing collaboration with investigators and cybersecurity professionals to restore normal operations. No additional technical details regarding attack vectors, threat actors, or financial impacts were disclosed in the initial statement.