Transdev denies data stolen by ransomware group, connects leak to September attack on client

The company said the cybercriminals are hawking data stolen from a client of theirs.

French transportation giant Transdev has denied that any of its information was stolen by a ransomware group after cybercriminals claimed to have 200GB of data and threatened to leak it on Sunday, October 10. 

Ransomware: An executive guide to one of the biggest menaces on the web

Everything you need to know about ransomware: how it started, why it's booming, how to protect against it, and what to do if your PC is infected.

Read More

The LockBit ransomware group listed Transdev on its leak site next to a timer set to expire at 1:00 on Sunday. 

But Transdev -- which calls itself the "largest private provider of multiple modes of transport in North America" -- said the data being hawked by Lockbit was from one of their clients. 

"We are aware that a cybercriminal group has made a threat to publish data, which they allege belongs to Transdev. However, we believe the data referenced by the criminal group likely belongs to a Transdev Client which was the subject of a cyber event in mid-September," a Transdev spokesperson told ZDNet

"We have been conducting an investigation into this event with the assistance of third-party digital forensic specialists. The event involving the client's data was limited to the client's network, which communicates with Transdev's corporate environment only through very strict firewall rules and is protected by our security monitoring and defense systems. At this time, there is no indication that any Transdev Corporate data or data related to any other client was subject to access and/or exfiltration."

Transdev currently operates in 18 countries, with dozens of cities, counties, airports, companies and universities contracting with them to run their transportation systems. Transdev manages 200 million passenger trips annually and brings in more than $1 billion in annual revenue, according to their website.

Transdev has about 15,000 employees in the US alone and runs six different modes of transportation in the US, including buses, shuttles, school buses, paratransit, streetcars, microtransit and autonomous vehicles. 

The attack comes one day after US Homeland Security Secretary Alejandro Mayorkas announced new cybersecurity regulations for US railroad and airport operators in a bid to protect critical infrastructure from ransomware groups and nation-state attackers. 

Despite warnings and threats from US lawmakers, ransomware groups and cybercriminals have shown no fear in attacking companies and organizations managing transportation systems.

In a statement on Friday, US President Joe Biden said that the White House plans to convene a 30-country meeting this month to address cybersecurity.

"The Federal government needs the partnership of every American and every American company" to address cybersecurity, Biden said. 

"We must lock our digital doors -- by encrypting our data and using multifactor authentication, for example -- and we must build technology securely by design, enabling consumers to understand the risks in the technologies they buy."