Transport for London, which manages public transport for the British capital, continues to experience technical disruptions from a cyberattack on September 1.
It reported the cyberattack at the beginning of September and since then has been working with government agencies including the National Cyber Security Centre and the National Crime Agency to investigate the incident and contain its impact.
Impact of the attack
“Many of our employees have limited access to systems and email. For this reason, there will be delays in responding to some previously submitted online forms,” TfL explained in an update on the website. Accordingly, no refunds can currently be issued for journeys made with contactless cards.
Even today, some live travel data is not available on some platforms, such as the official website and the TfL Go app. Information on train stations and travel planning, on the other hand, is still accessible.
However, according to TfL, the cyberattack did not affect public transport operations. Despite the disruptions, London’s transport network is working “as usual,” it said.
Is customer data affected?
On September 12, TfL updated its statement to note that, “although there has been very little impact on our customers so far, the situation is evolving, and our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details, including email addresses and home addresses where provided.”
Data about refunds for some Oyster transport payment cards, including related bank account details for up to 5,000 customers, may also have been accessed, it said.
This is not the first incident involving customer data loss for London’s transport authority. In July 2023, the Clop ransomware gang (also known as Cl0p) had stolen the contact details of about 13,000 customers. At the time, the hackers exploited a vulnerability in the widely used MOVEit software at a supplier.