Transport for London discloses ongoing “cyber security incident”
Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services.
The agency also added that there was no evidence that customer information was compromised during the incident.
"We are currently dealing with an ongoing cyber security incident," TfL's Customer Information Team warned customers over email earlier and in a statement published online today.
"At present, there is no evidence that any customer data has been compromised and there has been no impact on TfL services."
TfL has also reported the attack to relevant government agencies (including the National Crime Agency and the National Cyber Security Centre) and works closely with them to respond and contain the incident's impact.
"The security of our systems and customer data is very important to us, and we have taken immediate action to prevent any further access to our systems," the agency added.
"We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident," TfL's chief technology officer Shashi Verma said in a statement to the BBC.
TfL also confirmed last July that the Cl0p ransomware gang hacked one of its suppliers' MOVEit managed file transfer (MFT) servers (hosted outside TfL's systems) in May 2023.
The Russian cybercriminals stole the contact details of approximately 13,000 customers, but the transport authority said that their banking details were not compromised.
"MOVEit is also used directly within TfL’s systems but this was not compromised," TfL added at the time.
TfL is organized into three units that oversee London's surface, underground, and Crossrail (the Elizabeth line jointly managed with the UK's Transport Department) transportation systems, serving over 8.4 million city residents.
This is a developing story...
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024