Transport for London, the town’s public transportation company, revealed at this time that its employees has restricted entry to methods and e-mail resulting from measures carried out in response to a Sunday cyberattack.
On Monday, the transport authority reported the incident to related authorities businesses (together with the Nationwide Cyber Safety Centre and the Nationwide Crime Company). It’s now working with them to reply, assess, and include the assault’s affect.
To this point, an ongoing investigation has but to find proof that buyer data was compromised through the incident.
“A lot of our employees have restricted entry to methods and e-mail and, consequently, we could also be delayed or unable to answer your question or any webforms beforehand submitted,” TfL stated in a Friday replace.
“We’re at present unable to difficulty refunds for journeys made utilizing contactless playing cards, and Oyster prospects must self-serve on-line.”
Whereas in-station and journey planning data stays accessible, Transport for London stated some reside journey information (together with practice arrival data and TfL JamCams) is unavailable on some platforms, just like the official web site and the TfL Go app.
TfL has additionally suspended functions for Oyster photocards, together with Zip playing cards, and pay-as-you-go contactless prospects can not view their on-line journey historical past.
“We apologise for any inconvenience that these short-term adjustments will trigger to some prospects and are working to convey these again on-line as rapidly as doable,” TfL’s Chief Expertise Officer Shashi Verma stated in an announcement shared with BleepingComputer.
Earlier this week, the Dial-a-Trip reserving system was quickly unavailable resulting from inner measures taken to take care of the cyberattack. Nonetheless, in response to Verma, present bookings have been nonetheless honored.
Important bookings can now be made by telephone, and full name middle companies are anticipated to renew over the approaching days.
Regardless of the disruptions, TfL said that London’s transport community is working “as normal” and that the cyberattack has not affected public transport companies.
“The safety of our methods and buyer information is essential to us. We frequently monitor who’s accessing our methods to make sure solely these authorised can achieve entry. We recognized some suspicious exercise on Sunday and took motion to restrict entry,” Verma added.
TfL offers transportation companies to over 8.4 million metropolis residents by means of London’s floor, underground, and Crossrail (the Elizabeth line, collectively managed with the UK’s Transport Division) transport methods.
In July 2023, the transport company additionally confirmed that the Cl0p ransomware gang stole the contact particulars of roughly 13,000 prospects after hacking considered one of its suppliers’ MOVEit managed file switch (MFT) servers (hosted exterior TfL’s methods) in Might 2023.