London’s transport authority, Transport for London(TFL), is experiencing an ongoing cyber attack.
In a statement released on its website, the TFL stated that it is currently dealing with an ongoing cybersecurity incident. TFL’s services are running as usual for now. The agency has assured its customers that it is working with relevant authorities to respond to the incident.
The National Crime Authority(NCA) and the National Cyber Security Centre(NCSC) are working closely with TFL to address the incident.
Transport for London is a local government body responsible for most of the transport network in London.
06/09/2024 – UPDATE: Although the transport network is working as usual, TFL’s efforts to deal with this attack have led to the following:
- Live tube arrival information is not available on some of their digital platforms.
- Applications for Oyster photocards have been suspended.
- Pay-as-you-go customers are unable to access their online journey history.
- TFL is unable to issue refunds for journeys made using contactless cards.
- Staff have limited access to systems and email causing delays in responding to customer queries.
12/09/2024 – UPDATE: TFL has confirmed that customer data, including customer names and contact information, has been compromised as part of the ongoing attack. Some Oyster card refund data may also have been accessed. This could include bank account numbers and sort codes of around 5,000 customers.
The NCA has revealed in a report today that a 17-year-old male was arrested in Walsall on the 5th of September in relation to the attack and has since been questioned and granted bail.
TFL is also currently undergoing all-staff identity checks, the intentions behind which remain unknown. One can however speculate that there was either staff involvement in the hacker gaining initial access or that employee data was compromised as part of the breach.
15/09/2024 – UPDATE: TFL’s roughly 30,000 staff members have been asked to attend in-person meetings to verify their identities and reset passwords following developments in the incident. This comes on the tail of the revelation that certain employee data was also accessed during the breach along with customer data, making it necessary for all employee accounts to be deliberately reset and all access revoked.
TFL employees currently have no access to email or other platforms and applications.
More information can be found on TFL’s temporary employee hub.
We will be updating this post as the situation progresses.