Transport for London, the town’s public transportation company, revealed immediately that its employees has restricted entry to techniques and e-mail resulting from measures applied in response to a Sunday cyberattack.
On Monday, the transport authority reported the incident to related authorities companies (together with the Nationwide Cyber Safety Centre and the Nationwide Crime Company). It’s now working with them to reply, assess, and include the assault’s impression.
Up to now, an ongoing investigation has but to find proof that buyer info was compromised in the course of the incident.
“A lot of our employees have restricted entry to techniques and e-mail and, because of this, we could also be delayed or unable to answer your question or any webforms beforehand submitted,” TfL stated in a Friday replace.
“We’re presently unable to subject refunds for journeys made utilizing contactless playing cards, and Oyster clients must self-serve on-line.”
Whereas in-station and journey planning info stays accessible, Transport for London stated some reside journey knowledge (together with practice arrival info and TfL JamCams) is unavailable on some platforms, just like the official web site and the TfL Go app.
TfL has additionally suspended purposes for Oyster photocards, together with Zip playing cards, and pay-as-you-go contactless clients can now not view their on-line journey historical past.
“We apologise for any inconvenience that these momentary adjustments will trigger to some clients and are working to deliver these again on-line as rapidly as potential,” TfL’s Chief Expertise Officer Shashi Verma stated in a press release shared with BleepingComputer.
Earlier this week, the Dial-a-Trip reserving system was quickly unavailable resulting from inside measures taken to cope with the cyberattack. Nonetheless, in keeping with Verma, current bookings had been nonetheless honored.
Important bookings can now be made by telephone, and full name heart providers are anticipated to renew over the approaching days.
Regardless of the disruptions, TfL acknowledged that London’s transport community is working “as standard” and that the cyberattack has not affected public transport providers.
“The safety of our techniques and buyer knowledge is essential to us. We regularly monitor who’s accessing our techniques to make sure solely these authorised can achieve entry. We recognized some suspicious exercise on Sunday and took motion to restrict entry,” Verma added.
TfL offers transportation providers to over 8.4 million metropolis residents by means of London’s floor, underground, and Crossrail (the Elizabeth line, collectively managed with the UK’s Transport Division) transport techniques.
In July 2023, the transport company additionally confirmed that the Cl0p ransomware gang stole the contact particulars of roughly 13,000 clients after hacking one among its suppliers’ MOVEit managed file switch (MFT) servers (hosted outdoors TfL’s techniques) in Might 2023.
