logo

Transport for London staff faces systems disruptions after cyberattack

Transport for London TfL

​Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack.

On Monday, the transport authority reported the incident to relevant government agencies (including the National Cyber Security Centre and the National Crime Agency). It is now working with them to respond, assess, and contain the attack's impact.

So far, an ongoing investigation has yet to discover evidence that customer information was compromised during the incident.

"Many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query or any webforms previously submitted," TfL said in a Friday update.

"We are currently unable to issue refunds for journeys made using contactless cards, and Oyster customers will have to self-serve online."

While in-station and journey planning information remains accessible, Transport for London said some live travel data (including train arrival information and TfL JamCams) is unavailable on some platforms, like the official website and the TfL Go app.

TfL has also suspended applications for Oyster photocards, including Zip cards, and pay-as-you-go contactless customers can no longer view their online journey history.

TfL cyber security incident

"We apologise for any inconvenience that these temporary changes will cause to some customers and are working to bring these back online as quickly as possible," TfL's Chief Technology Officer Shashi Verma said in a statement shared with BleepingComputer.

​Earlier this week, the Dial-a-Ride booking system was temporarily unavailable due to internal measures taken to deal with the cyberattack. However, according to Verma, existing bookings were still honored.

Essential bookings can now be made by phone, and full call center services are expected to resume over the coming days.

Despite the disruptions, TfL stated that London's transport network is operating "as usual" and that the cyberattack has not affected public transport services.

"The security of our systems and customer data is very important to us. We continually monitor who is accessing our systems to ensure only those authorised can gain access. We identified some suspicious activity on Sunday and took action to limit access," Verma added.

TfL provides transportation services to over 8.4 million city residents through London's surface, underground, and Crossrail (the Elizabeth line, jointly managed with the UK's Transport Department) transport systems.

In July 2023, the transport agency also confirmed that the Cl0p ransomware gang stole the contact details of approximately 13,000 customers after hacking one of its suppliers' MOVEit managed file transfer (MFT) servers (hosted outside TfL's systems) in May 2023.


Free security scan for your website