Transport for London (TfL), which manages the capital’s public transport network, is now dealing with the impact of a severe cyberattack that has caused major disruption to its services.
On Monday, September 2, Transport for London experienced a sophisticated cyberattack targeting its IT systems. The breach primarily affected the website and multiple internal systems, causing temporary disruptions to service information and ticketing operations.
The transport authority promptly reported the incident to relevant government agencies, including the National Cyber Security Centre and the National Crime Agency. An investigation is ongoing, but there is no evidence so far that customer information was compromised.
According to Transport for London in a statement:
“Many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query or any webforms previously submitted. We are currently unable to issue refunds for journeys made using contactless cards, and Oyster customers will have to self-serve online.”
Passenger Confusion Rises as TfL Works to Restore Online Services After Cyberattack
The absence of real-time travel updates has confused customers, even though the attack did not affect subway, bus, or rail services. TfL has informed the public that critical safety systems, such as train operations and signalling, are safe and unaffected.
Some live travel data, such as train arrival times and TfL JamCams, is missing from certain platforms like the official website and TfL Go app. However, journey planning and in-station information are still available.
Transport for London has paused applications for Oyster photocards, including Zip cards. Additionally, pay-as-you-go contactless users are no longer able to access their travel history online.
We apologise for any inconvenience these temporary changes may cause,” said TfL’s Chief Technology Officer, Shashi Verma. “We are working to restore these services as quickly as possible.
Preliminary investigations indicate that the personal data of TfL account holders may have been compromised. TfL is currently investigating the scope of the incident and is recommending that consumers monitor their accounts for any unusual activity. Those affected will be informed individually and advised on how to take preventative steps.
In a few days, all call centre services should be restored. For now, only essential reservations can be made over the phone. TfL confirmed that the incident has not affected public transport services and that the transport network in London is functioning normally despite the disruptions.
This isn’t TfL’s first cyber challenge. In July 2023, the company revealed that the Cl0p ransomware group got the contact information of around 13,000 customers by accessing a supplier’s MOVEit managed file transfer (MFT) server in May 2023.
Reducing an organisation’s susceptibility to a successful attack should be at the forefront of any cyber-risk decision making as we move into this next phase of attack sophistication and complexity.
Continuously phishing and security awareness training is an important aspect to helping satisfy the first side of the information security triangle, which consists of “people,” “process,” and “technology”.