[BreachExchange] Transdev denies data stolen by ransomware group, connects leak to September attack on client

[Terrell Byrd]

https://www.zdnet.com/article/transdev-denies-data-stolen-by-ransomware-group/

French transportation giant Transdev has denied that any of its information
was stolen by a ransomware group after cybercriminals claimed to have 200GB
of data and threatened to leak it on Sunday, October 10.

The LockBit ransomware group listed Transdev on its leak site next to a
timer set to expire at 1:00 on Sunday.

But Transdev -- which calls itself the "largest private provider of
multiple modes of transport in North America" -- said the data being hawked
by Lockbit was from one of their clients.

"We are aware that a cybercriminal group has made a threat to publish data,
which they allege belongs to Transdev. However, we believe the data
referenced by the criminal group likely belongs to a Transdev Client which
was the subject of a cyber event in mid-September," a Transdev spokesperson
told ZDNet.

"We have been conducting an investigation into this event with the
assistance of third-party digital forensic specialists. The event involving
the client's data was limited to the client's network, which communicates
with Transdev's corporate environment only through very strict firewall
rules and is protected by our security monitoring and defense systems. At
this time, there is no indication that any Transdev Corporate data or data
related to any other client was subject to access and/or exfiltration."

Transdev currently operates in 18 countries, with dozens of cities,
counties, airports, companies and universities contracting with them to run
their transportation systems. Transdev manages 200 million passenger trips
annually and brings in more than $1 billion in annual revenue, according to
their website.

Transdev has about 15,000 employees in the US alone and runs six different
modes of transportation in the US, including buses, shuttles, school buses,
paratransit, streetcars, microtransit and autonomous vehicles.

The attack comes one day after US Homeland Security Secretary Alejandro
Mayorkas announced new cybersecurity regulations for US railroad and
airport operators in a bid to protect critical infrastructure from
ransomware groups and nation-state attackers.

Despite warnings and threats from US lawmakers, ransomware groups and
cybercriminals have shown no fear in attacking companies and organizations
managing transportation systems.

In a statement on Friday, US President Joe Biden said that the White House
plans to convene a 30-country meeting this month to address cybersecurity.

"The Federal government needs the partnership of every American and every
American company" to address cybersecurity, Biden said.

"We must lock our digital doors -- by encrypting our data and using
multifactor authentication, for example -- and we must build technology
securely by design, enabling consumers to understand the risks in the
technologies they buy."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211020/1df09be7/attachment.html>