Cyber incident hits Auckland Transport’s HOP system, believed to be ransomware

A major cyber incident is impacting Auckland Transport HOP Card system, with top-ups and other HOP card services.

Simon Maude/Stuff

A major cyber incident is impacting Auckland Transport HOP Card system, with top-ups and other HOP card services.

Auckland Transport’s HOP Card system has been hit by a major cyber incident, taking top-ups and other HOP card services offline.

An AT spokesperson said initial indications show it could be a ransomware attack.

“Early indications are that this is a ransomware attack however, investigations are ongoing.”

AT said in a statement on Thursday afternoon that the incident seemed to be isolated, however commuters would still be able to tag on and off, even if their card can’t be topped up.

“We have activated our security protocols and are working with our expert partners to resolve the issue as quickly as possible, however we anticipate it may take until early next week to fully restore these services.”

Have you been impacted? Email [email protected]

Online top-ups, as well as other AT HOP services using My AT HOP on the AT website, were unavailable.

Existing auto top-ups would still work, but there would be a delay in the payment being processed.

Ticket and top up machines were only accepting cash payments, with no transactions using Eftpos/credit cards available. Some machines may not be working.

AT customer service centres have limited functionality and may only be able to accept cash payments.

AT HOP retailers are unable to top up HOP cards or process other AT HOP services like loading concessions.

An Auckland Transport spokesperson said they believe no personal or financial data had been compromised. The system has been taken offline to minimise risk.

The spokesperson added that public transport operators had been asked to ensure their staff are letting people onboard even if they are unable to top up and use their AT HOP card.

“We don’t expect this incident will cause disruptions for our customers when they’re travelling today or over coming days until the incident is resolved.”

Ransomware is a form of malware that spreads through a company’s IT system, eventually encrypting files.

They will then typically demand a ransom, both to supply the digital key that the impacted organisations will need to get back access to their files, and in return for not dumping the sensitive information they have stolen online.