Transport for London discloses ongoing “cyber security incident”
Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services.
The agency also added that there was no evidence that customer information was compromised during the incident.
"We are currently dealing with an ongoing cyber security incident," TfL's Customer Information Team warned customers over email earlier and in a statement published online today.
"At present, there is no evidence that any customer data has been compromised and there has been no impact on TfL services."
TfL has also reported the attack to relevant government agencies (including the National Crime Agency and the National Cyber Security Centre) and works closely with them to respond and contain the incident's impact.
"The security of our systems and customer data is very important to us, and we have taken immediate action to prevent any further access to our systems," the agency added.
"We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident," TfL's chief technology officer Shashi Verma said in a statement to the BBC.
TfL also confirmed last July that the Cl0p ransomware gang hacked one of its suppliers' MOVEit managed file transfer (MFT) servers (hosted outside TfL's systems) in May 2023.
The Russian cybercriminals stole the contact details of approximately 13,000 customers, but the transport authority said that their banking details were not compromised.
"MOVEit is also used directly within TfL’s systems but this was not compromised," TfL added at the time.
TfL is organized into three units that oversee London's surface, underground, and Crossrail (the Elizabeth line jointly managed with the UK's Transport Department) transportation systems, serving over 8.4 million city residents.
This is a developing story...
Admins of MFA bypass service plead guilty to fraud
Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
InformationalInformation Disclosure - Suspicious Comments
HighPII Disclosure
Free online web security scanner
