Nottingham City Transport Falls Victim to a Service-Disrupting Cyberattack

Last updated September 28, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer
Credits: Zeke Allsopp @DispatchZeke | Twitter

Nottingham City Transport (NCT) has announced a cybersecurity incident that has caused a partial outage on some of its systems. The event became known from the bus operator itself, who published a notice for its customers to inform them about “intermittent disruptions” that are to be expected for a couple of days. In the service updates section of the NCT website, we see reports of problems with the real-time tracking system and the bus stop displays, so these aspects have been impacted. The app and website are only showing scheduled departure times.

The organization has also informed the Nottinghamshire Police, and specialized agents are aiding the investigations. Although no client data appears to have been stolen as a result of the attack, NCT also informed the UK Information Commissioner’s Office, as they were obliged by law to do. The assessment of the impact is still underway, so the organization has decided not to provide any further comments for the time being.

There’s no word about whether or not this was a ransomware attack, and we weren’t able to find any relevant entries on the active RaaS leak sites on the dark web, but it could be too early for something to appear there at this point. The organization claims that its IT team acted immediately and switched off the network to minimize the impact the attack had. Additionally, NCT clarifies that since most of its systems and databases are hosted externally, using secure third-party providers, no sensitive data can possibly have been accessed by the infiltrators.

Passengers worried about their data or have questions about the incident may only use NCT’s social media channels to make contact, as the organization currently has no access to emails. Alternatively, you may call them at 0115950 6070.

NCT is the major bus operator of the English city of Nottingham (321,500 people) and the general area of Nottinghamshire (823,000 people). It operates a fleet of 310 buses and has won the ‘UK Bus Operator of the Year’ award five times. It is a public-owned (82%) entity that plays a crucial transportation role in the area, so anything threatening its service is a serious menace to society. Thankfully, the attack doesn’t appear to have caused any direct problems, but the question of data exfiltration will linger for a while.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: