Transport for London (TfL) has confirmed it suffered a cybersecurity incident yesterday, triggering an investigation by the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC). Despite the severity of the situation, the UK government body responsible for most of the transport network in London said that there was no evidence that customer data had been compromised or that services had been disrupted.
According to TfL Chief Technology Officer Shashi Verma, the organisation implemented several measures to protect its internal systems and prevent further unauthorised access. “The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident,” said Verma. “Although we’ll need to complete our full assessment, at present there is currently no evidence that any customer data has been compromised.
“There is currently no impact to TfL services and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.”
TfL backroom systems primarily impacted
The attack appears to have mainly impacted the UK transport provider’s backroom systems at its corporate headquarters. At this stage, TfL has not confirmed any disruption to its transportation services arising from the incident, services that include the London underground buses, trams, and overground networks.
This is not the first time TfL has been targeted, directly or otherwise. In July 2023, a third-party supplier for the transport provider was hacked by the Cl0p ransomware group. This resulted in the theft of contact details for around 13,000 customers. However, TfL confirmed that no financial data was compromised in that breach.
Public institutions increasingly vulnerable to cyberattacks
Recent cyberattacks in the UK have targeted multiple organisations across different sectors. In January 2023, the Royal Mail was attacked by the LockBit group, affecting its international delivery services. The postal firm reportedly spent £10m repairing its systems after the breach. The University of Manchester, meanwhile, suffered a data breach in June of that year, wherein sensitive information about students and staff was accessed and ransomed by cybercriminals.
On a similar note, last month, the Port of Seattle in the US, which oversees the Seattle-Tacoma International Airport (Sea-Tac), reported a “possible cyberattack” that caused significant disruptions to its internet and web systems. The incident, which began on the morning of 24 August 2024, led to outages affecting several critical systems at the airport, including websites and phone services.
Written by Refna Tharayil