computer laptop screen half closed in dark room by Philipp Katzenberger

Wightlink reveal data breach of customers’ highly sensitive information (Updated)

Wightlink have been writing to their customers this evening advising that their personal data has been breached

Wightlink say that on Monday, 7th February 2022 they discovered they were the victim of a criminal cyber-attack via unauthorised activity on their IT systems, which resulted in some customer personal information being accessed.

What has been compromised
They say their security experts have been carrying out extensive investigations and have now advised that the compromised data may include the following details for some customers:

  • first name
  • last name
  • bank account number
  • sort code
  • address
  • signature

The Isle of Wight ferry firm go on to say they have engaged independent experts to assess the situation and recommend what additional steps they can take to help prevent this type of incident from happening again.

Advise for customers
They go on to suggest the following steps customers you can take now to help protect their identity:

  • Check your bank statements regularly for any unusual payments
  • Check your credit report regularly
  • Use strong passwords using a mix of letters, numbers and symbols and change them regularly
  • Never give out personal details over the phone, unless you are 100% sure who you’re speaking to

Report to Action Fraud
If you think you have been a victim of fraud, please report it to Action Fraud, the UK’s national fraud and internet crime reporting centre, on 0300 123 2040

Helpline: This service is automatically available to you with no enrolment required. Simply call the Helpline on 0808 196 3050 and an operator will be able to provide support.

Compensation
The company are offering customers whose data has been comprimised a complimentary 12-month membership to Experian Identity Plus membership.

Affected customers have been written to.

Thanks to all the readers who got in touch about this.

Wightlink statement
News OnTheWight contacted Wightlink.

Wightlink chose not to answer News OnTheWight‘s question, instead issued the following statement:

“Unfortunately, despite Wightlink taking appropriate security measures, some of its back office IT systems were affected by a cyber attack last month.

“However, this criminal action has not affected Wightlink’s ferries and FastCats, which have continued to operate normally during and following the attack, nor were its booking system and website affected.

“As soon as the incident was discovered, Wightlink engaged specialist cyber security experts to investigate and assess the situation and reported the matter to the Information Commissioner’s Office (ICO). Wightlink is also liaising with the South East Regional Organised Crime Unit.

“Wightlink does not process or store payment card details for bookings. However the investigation has identified a small number of customers and staff for whom other items of personal information may have been compromised during the incident.

“All those affected have been notified and offered support.

“Wightlink Chief Executive Keith Greenfield says: “This was a highly sophisticated criminal attack on an essential service. I would like to thank all my colleagues at Wightlink who responded quickly ensuring that the impact to customers was minimised and that cross-Solent travel and bookings were unaffected.”

“As this is an ongoing criminal investigation, Wightlink will be making no further comment at this stage. “

Article edit
6.49pm 10th Mar 2022 – Added Wightlink’s statement


Image: Philipp Katzenberger under CC BY 2.0