Transport for London (TfL) has entered its second week of managing a cybersecurity incident that has still left some of its online and digital services offline. In an update on Tuesday, TfL indicated that the cybersecurity incident is ongoing. Its previous message that stated no customer data had been compromised has been updated to state that “the security of our systems and customer data is very important to us.”
London’s transport network, including the underground buses, trams, and overground services, continues to operate without much interruption. However, TfL’s online platforms and customer services have been partially impacted.
Initially reported on 2 September 2024, the incident prompted the UK transport provider to engage the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to probe into the incident. TfL is working closely with government agencies to resolve the cybersecurity issue.
TfL cyberattack continuing to impact services
According to the new updates, the transport provider’s Live Tube arrival information is currently unavailable on certain digital platforms such as the TfL website and TfL Go app. However, the in-station updates and journey planning tools are still accessible.
Furthermore, applications for Oyster photocards, including Zip cards, have been temporarily suspended, and contactless pay-as-you-go users cannot access their journey history online. Refunds for incomplete journeys made with contactless payments are also unavailable at this time. TfL said that its Oyster customers will be able to self-serve online.
In addition, the UK government body responsible for most of the transport network in London stated that its staff have limited access to internal systems and emails, resulting in delays in responding to customer queries.
In a separate announcement, TfL confirmed that its door-to-door Dial-a-Ride service for those with long-term disabilities has also been disrupted.
“Due to the ongoing TfL-wide cyber security incident, we are currently able to process only a limited number of booking requests,” said the transport provider’s website. “In addition, many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query.”
Last week, multiple outlets reported that the cybersecurity attack mainly impacted the London transport provider’s backroom systems at its corporate headquarters. This incident follows a previous cybersecurity breach in July 2023 when a third-party supplier for TfL was hacked by the Cl0p ransomware group, affecting 13,000 customer contact details. The government body confirmed that no financial data was compromised in that breach.