Transport for London, the town’s public transportation company, revealed at this time that its workers has restricted entry to methods and electronic mail on account of measures applied in response to a Sunday cyberattack.
On Monday, the transport authority reported the incident to related authorities companies (together with the Nationwide Cyber Safety Centre and the Nationwide Crime Company). It’s now working with them to reply, assess, and comprise the assault’s influence.
Up to now, an ongoing investigation has but to find proof that buyer info was compromised in the course of the incident.
“Lots of our workers have restricted entry to methods and electronic mail and, consequently, we could also be delayed or unable to reply to your question or any webforms beforehand submitted,” TfL mentioned in a Friday replace.
“We’re presently unable to challenge refunds for journeys made utilizing contactless playing cards, and Oyster clients should self-serve on-line.”
Whereas in-station and journey planning info stays accessible, Transport for London mentioned some reside journey knowledge (together with practice arrival info and TfL JamCams) is unavailable on some platforms, just like the official web site and the TfL Go app.
TfL has additionally suspended functions for Oyster photocards, together with Zip playing cards, and pay-as-you-go contactless clients can now not view their on-line journey historical past.
“We apologise for any inconvenience that these short-term modifications will trigger to some clients and are working to carry these again on-line as shortly as doable,” TfL’s Chief Expertise Officer Shashi Verma mentioned in an announcement shared with BleepingComputer.
Earlier this week, the Dial-a-Journey reserving system was briefly unavailable on account of inner measures taken to cope with the cyberattack. Nevertheless, in accordance with Verma, present bookings have been nonetheless honored.
Important bookings can now be made by cellphone, and full name middle providers are anticipated to renew over the approaching days.
Regardless of the disruptions, TfL acknowledged that London’s transport community is working “as typical” and that the cyberattack has not affected public transport providers.
“The safety of our methods and buyer knowledge is essential to us. We regularly monitor who’s accessing our methods to make sure solely these authorised can acquire entry. We recognized some suspicious exercise on Sunday and took motion to restrict entry,” Verma added.
TfL gives transportation providers to over 8.4 million metropolis residents by London’s floor, underground, and Crossrail (the Elizabeth line, collectively managed with the UK’s Transport Division) transport methods.
In July 2023, the transport company additionally confirmed that the Cl0p ransomware gang stole the contact particulars of roughly 13,000 clients after hacking one in every of its suppliers’ MOVEit managed file switch (MFT) servers (hosted exterior TfL’s methods) in Could 2023.