Auckland Transport Hit by Medusa Ransomware: What You Need to Know

Breached Company

27 Sep 2023 — 2 min read

Introduction

Auckland Transport, the public transport agency in New Zealand, recently fell victim to a "cyber incident" that severely disrupted its ticketing systems. The Medusa ransomware group is suspected to be behind the attack. While Auckland Transport is gradually restoring its services, the incident has led to significant delays and inconvenience for commuters. Here's everything you need to know about the cyberattack and its implications.

Timeline of the Incident

The cyber incident began on Monday, 18 September 2023, and had a widespread impact on Auckland Transport's services. It affected online top-ups of travel cards, ticketing machines, a ferry terminal, and customer service centers. By 8 pm New Zealand time on the same day, some progress was made in restoring services. Auckland Transport is currently in the process of bringing its systems back online, with different services resuming at different times.

Customer Data and Financial Security

One of the major concerns in any cyberattack is the security of customer data. Auckland Transport has assured that customer data, including financial information, is believed to be secure. The organization has activated its cybersecurity protocols to safeguard against further risks.

Medusa's Ransom Demands

The Medusa ransomware group has claimed responsibility for the attack and has posted information about the incident on its darknet leak site. The group is demanding a $1 million ransom for data deletion or download and an additional $10,000 to extend the data publication timer. Auckland Transport CEO Dean Kimpton stated unequivocally that the agency has no intention of negotiating with the ransomware group.

Verifying Medusa's Claims

As of now, Medusa has not provided any samples of the data it claims to hold, making it difficult to verify the authenticity of their claims. The group has stated that it would publish the data within seven days. 290 people have viewed the ransom demand page at the time of reporting.

Auckland Transport's Response

Auckland Transport is urging its customers to continue using their services as they come back online. The agency is also providing assistance at public transport stations to help commuters during this challenging period. The focus is on restoring systems and ensuring the security of customer data.

Conclusion

The cyberattack on Auckland Transport serves as a reminder of public agencies' vulnerabilities in the digital age. While the agency is working diligently to restore services and secure customer data, the incident raises questions about the preparedness of public transport systems against sophisticated cyber threats. As Auckland Transport refuses to negotiate with the Medusa ransomware group, it remains to be seen how the situation will unfold in the coming days.

For the latest updates on this incident, stay tuned to Auckland Transport's official channels and exercise caution while using their services during this period.

Disclaimer: This article is based on the information available at the time of publication and may be subject to updates.

React2Shell (CVE-2025-55182): The CVSS 10.0 RCE Shaking the JavaScript Ecosystem

December 6, 2025 | Critical Security Advisory Executive Summary The JavaScript ecosystem is facing one of its most severe security crises in recent memory. CVE-2025-55182, dubbed "React2Shell" by security researchers, is a maximum-severity (CVSS 10.0) remote code execution vulnerability affecting React Server Components that allows unauthenticated attackers to

The Ransomware Revolution: How Attack Economics Are Reshaping the Threat Landscape Entering 2026

Executive Summary As we close out 2025 and look toward 2026, the ransomware ecosystem has undergone a dramatic transformation that fundamentally changes how organizations must approach cyber defense. With attacks surging 34% year-over-year while ransom payments plummet to historic lows, threat actors are evolving their business models in ways that

Massive Intellexa Leak Exposes Predator Spyware's Dark Evolution: Ad-Based Zero-Click Attacks and Vendor Backdoor Access

Major investigation reveals commercial spyware vendor maintained secret access to government surveillance systems while developing invisible infection vectors through digital advertising A damning new investigation into mercenary spyware vendor Intellexa has exposed operational details that should alarm every CISO: the company behind the notorious Predator spyware not only developed zero-click

Europol Dismantles EUR 700 Million Cryptocurrency Fraud Network in Coordinated International Operation

Two-phase operation targets investment scam platforms and affiliate marketing infrastructure across seven countries December 4, 2025 In a sweeping international operation that marks one of the largest cryptocurrency fraud takedowns of 2025, law enforcement authorities have successfully dismantled a sophisticated criminal network responsible for laundering over EUR 700 million through