Transport for London, town’s public transportation company, revealed as we speak that its workers has restricted entry to techniques and electronic mail on account of measures applied in response to a Sunday cyberattack.
On Monday, the transport authority reported the incident to related authorities businesses (together with the Nationwide Cyber Safety Centre and the Nationwide Crime Company). It’s now working with them to reply, assess, and include the assault’s impression.
Thus far, an ongoing investigation has but to find proof that buyer info was compromised throughout the incident.
“A lot of our workers have restricted entry to techniques and electronic mail and, in consequence, we could also be delayed or unable to reply to your question or any webforms beforehand submitted,” TfL mentioned in a Friday replace.
“We’re presently unable to subject refunds for journeys made utilizing contactless playing cards, and Oyster prospects should self-serve on-line.”
Whereas in-station and journey planning info stays accessible, Transport for London mentioned some dwell journey knowledge (together with practice arrival info and TfL JamCams) is unavailable on some platforms, just like the official web site and the TfL Go app.
TfL has additionally suspended functions for Oyster photocards, together with Zip playing cards, and pay-as-you-go contactless prospects can now not view their on-line journey historical past.
“We apologise for any inconvenience that these short-term modifications will trigger to some prospects and are working to carry these again on-line as rapidly as potential,” TfL’s Chief Know-how Officer Shashi Verma mentioned in a press release shared with BleepingComputer.
Earlier this week, the Dial-a-Trip reserving system was briefly unavailable on account of inner measures taken to take care of the cyberattack. Nonetheless, based on Verma, current bookings had been nonetheless honored.
Important bookings can now be made by telephone, and full name heart companies are anticipated to renew over the approaching days.
Regardless of the disruptions, TfL said that London’s transport community is working “as regular” and that the cyberattack has not affected public transport companies.
“The safety of our techniques and buyer knowledge is essential to us. We frequently monitor who’s accessing our techniques to make sure solely these authorised can achieve entry. We recognized some suspicious exercise on Sunday and took motion to restrict entry,” Verma added.
TfL offers transportation companies to over 8.4 million metropolis residents by way of London’s floor, underground, and Crossrail (the Elizabeth line, collectively managed with the UK’s Transport Division) transport techniques.
In July 2023, the transport company additionally confirmed that the Cl0p ransomware gang stole the contact particulars of roughly 13,000 prospects after hacking certainly one of its suppliers’ MOVEit managed file switch (MFT) servers (hosted exterior TfL’s techniques) in Could 2023.