Transport for London, the city’s public transit agency, announced today that staff members have restricted access to systems and email due to security measures implemented after a cyberattack on Sunday.
On Monday, the transport authority reported the breach to relevant government bodies, including the National Cyber Security Centre and the National Crime Agency, and is collaborating with them to mitigate, assess, and contain the attack’s effects.
The ongoing investigation has not found any evidence indicating that customer data was compromised.
“Many of our staff have limited system and email access, which may delay our responses to your inquiries or previously submitted webforms,” TfL stated in a Friday update.
“We are unable to process refunds for journeys made using contactless cards, and Oyster card users will need to manage services through our self-serve online platform.”
While in-station and journey planning information remains accessible, some live travel data, such as train arrival information and TfL JamCams, is unavailable on platforms like the official website and the TfL Go app.
TfL has also suspended applications for Oyster photocards, including Zip cards, and pay-as-you-go contactless customers are unable to view their online journey history.
“We apologize for any inconvenience these temporary changes may cause to some customers and are working to restore services as quickly as possible,” said Shashi Verma, TfL’s Chief Technology Officer.
Earlier this week, the Dial-a-Ride booking system was temporarily taken offline due to internal actions aimed at managing the cyberattack. However, Verma confirmed that all existing bookings were honored.
Essential bookings can now be made by phone, with full call center services expected to resume in the coming days.
Despite the disruptions, TfL assured that London’s transport network continues to operate “as usual,” and public transport services remain unaffected by the cyberattack.
“The security of our systems and customer data is a top priority. We consistently monitor system access to ensure only authorized personnel can log in. On Sunday, we detected suspicious activity and took immediate steps to restrict access,” Verma added.
TfL serves over 8.4 million residents through its surface, underground, and Crossrail (Elizabeth line) services, the latter managed jointly with the UK’s Transport Department.
In July 2023, TfL confirmed that the Cl0p ransomware group had stolen the contact details of approximately 13,000 customers after compromising one of its supplier’s MOVEit managed file transfer (MFT) servers in May 2023. This server was hosted externally, outside TfL’s systems.
Source: BleepingComputer, Sergiu Gatlan