Headline
London’s city transport hit by cybersecurity incident
Transport for London (TfL) is apparently fighting a cybersecurity incident but is rather sparing in providing details
Transport for London (TfL), the city’s transport authority, is fighting through an ongoing cyberattack. TfL runs three separate units that arrange transports on London’s surface, underground, and Crossrail transportation systems. It serves some 8 million inhabitants of the London metropolitan area.
In a public notice Transport for London stated:
“We are currently dealing with an ongoing cyber security incident. At present, there is no evidence that any customer data has been compromised and there has been no impact on TfL services.
The security of our systems and customer data is very important to us, and we have taken immediate action to prevent any further access to our systems.”
The incident does have some impact though, as TfL took the contactless website for purchasing tickets offline for “maintenance.” This maintenance was not announced earlier though, which they likely would have done under normal circumstances.
The contactless website is used to purchase online tickets, upgrade travelcards (Oystercards), check travel history, and request refunds.
In a short thread on X, TfL said it is working with the National Crime Agency and the National Cyber Security Centre to investigate and respond to the incident.
Hi, thanks for getting in touch. We are working to resolve this as soon as possible. We need to complete our full assessment, but there is currently no evidence that any customer data has been compromised, or impact on TfL services. We are working closely with the
National Crime Agency and the National Cyber Security Centre to respond to the incident. We are continuing to work to assist our customers here in the usual manner. Thanks, SW.
According to security researcher Kevin Beaumont:
“Transport for London have a genuine internal security incident running and are reverting to paper processes.”
Since TfL is keeping rather quiet about the incident it is hard to asses whether this disruption is the result of a ransomware attack or something else.
We’ll keep you posted if we learn more.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.