logo

Transport for London is dealing with a cyber security incident

Transport for London (TfL) has sent out notifications to customers on Sunday evening saying that they “are currently dealing with an ongoing cyber security incident.”

Transport London cyber incident

The government body that manages most of the transport network of United Kingdom’s capital did not provide additional details about the cyber incident, though BBC sources said that the organization’s “backroom systems at the corporate headquarters” are mainly affected.

Transport for London has yet to provide an update on the situation – they promised one when the cyber incident has been resolved.

No impact on TfL services

“At present, there is no evidence that any customer data has been compromised and there has been no impact on TfL services,” the company stated in the notification, which has also been published on the organization’s website.

“The security of our systems and customer data is very important to us, and we have taken immediate action to prevent any further access to our systems. We are working closely with the relevant government agencies to respond to the incident.”

TfL’s status page shows that London Underground (rapid transit system), London Overground (suburban rail network), Elizabeth line (London’s east-west railway), Docklands Light Railway (DLR), tram, and bus lines continue to operate normally.

“Given that so little information has been provided, there has been some negative conversation online with internet users wanting to know why TfL has even revealed the incident when it hasn’t impacted customer data or services. These are understandable questions, but TfL has a duty to report incidents, non-disclosure would be far worse,” William Wright, CEO, Closed Door Security, told Help Net Security.

“The big question people will also want to know is who carried out the attack and if it can be attributed to another country, like Russia. TfL was also attacked by Russia last year, so it definitely isn’t out of the realms of possibility. Furthermore, given Russia’s recent uptick in attacks on the West, it wouldn’t be surprising, but it is far too early to speculate.”

The incident also acts as a reminder that no organisation is ever fully safe in the digital world, he added. “Whether through outages, attacks or human error, the digital world can present a dangerous terrain for businesses. They therefore must prioritise defences across their architecture and introduce redundancy plans so that even when digital downtime occurs, they can still operate uninterruptedly and safely.”

UPDATE (September 3, 2024, 06:00 a.m. ET):

“Transport for London has set the contactless sign in link to Maintenance mode,” security researcher Kevin Beaumont noted, and added that they “have a genuine internal security incident running and are reverting to paper processes.”


Free security scan for your website