The Auckland Transport (AT) authority in New Zealand is currently addressing a widespread service disruption, thought to have arisen from a cyber-related incident, affecting numerous customer services.

AT, the regional government-owned transportation entity in Auckland, oversees public conveyance through its ferries, buses, and trains. Additionally, its responsibilities encompass designing and constructing roads and other essential infrastructure.

The organization confirmed today that they’ve encountered disruptions in their HOP services—an integrated ticketing and fare system—as certain segments of their network were affected by this cyber event.

The disruption has notably affected HOP card top-ups and associated services. Nevertheless, AT’s staff and operators are ensuring continued travel, even if customers find themselves unable to top up their HOP cards. An earlier update outlined the extent of services affected:

• There have been interruptions in online top-ups and other associated AT HOP services on the official AT website.
• While existing auto top-ups are functional, there appears to be a lag in payment processing.
• Ticket machines and top-up points are now predominantly accepting only cash.
• Transactions with Eftpos/credit cards have been suspended, and some machines may be out of order.
• The functionality of AT’s customer service centers has been reduced, possibly only accommodating cash transactions.
• Retailers affiliated with HOP are currently unable to recharge HOP cards or offer other related services.

A spokesperson for AT relayed to the local NZ Herald that there are preliminary indications pointing towards a ransomware attack. However, they stressed that thorough investigations are still underway.

This spokesperson also highlighted that travelers with depleted HOP cards would face leniency and that the usual travel schedules on AT’s buses, ferries, and trains should persist without significant disruptions.

AT anticipates that their website and HOP services might resume their standard operations by next week. Hence, they are advising patrons to exercise patience while they work diligently to rectify the compromised systems.

Given the modus operandi of ransomware attacks—often involving data breaches for dual extortion purposes—there are looming worries over the potential exposure of sensitive customer data.

Addressing these apprehensions, AT commented that their current assessment indicates the incident’s confinement to a specific portion of their system. Furthermore, they believe that no personal or financial data has been compromised.

To date, no prominent ransomware entities have publicly claimed the disruption of AT’s systems.