Transport for London, town’s public transportation company, revealed at the moment that its workers has restricted entry to methods and electronic mail as a result of measures carried out in response to a Sunday cyberattack.
On Monday, the transport authority reported the incident to related authorities companies (together with the Nationwide Cyber Safety Centre and the Nationwide Crime Company). It’s now working with them to reply, assess, and include the assault’s impression.
To date, an ongoing investigation has but to find proof that buyer info was compromised throughout the incident.
“A lot of our workers have restricted entry to methods and electronic mail and, in consequence, we could also be delayed or unable to reply to your question or any webforms beforehand submitted,” TfL mentioned in a Friday replace.
“We’re at the moment unable to difficulty refunds for journeys made utilizing contactless playing cards, and Oyster clients should self-serve on-line.”
Whereas in-station and journey planning info stays accessible, Transport for London mentioned some reside journey knowledge (together with practice arrival info and TfL JamCams) is unavailable on some platforms, just like the official web site and the TfL Go app.
TfL has additionally suspended purposes for Oyster photocards, together with Zip playing cards, and pay-as-you-go contactless clients can now not view their on-line journey historical past.
“We apologise for any inconvenience that these momentary modifications will trigger to some clients and are working to convey these again on-line as shortly as doable,” TfL’s Chief Know-how Officer Shashi Verma mentioned in an announcement shared with BleepingComputer.
Earlier this week, the Dial-a-Trip reserving system was briefly unavailable as a result of inner measures taken to take care of the cyberattack. Nonetheless, based on Verma, current bookings had been nonetheless honored.
Important bookings can now be made by cellphone, and full name heart providers are anticipated to renew over the approaching days.
Regardless of the disruptions, TfL acknowledged that London’s transport community is working “as ordinary” and that the cyberattack has not affected public transport providers.
“The safety of our methods and buyer knowledge is essential to us. We regularly monitor who’s accessing our methods to make sure solely these authorised can acquire entry. We recognized some suspicious exercise on Sunday and took motion to restrict entry,” Verma added.
TfL supplies transportation providers to over 8.4 million metropolis residents by way of London’s floor, underground, and Crossrail (the Elizabeth line, collectively managed with the UK’s Transport Division) transport methods.
In July 2023, the transport company additionally confirmed that the Cl0p ransomware gang stole the contact particulars of roughly 13,000 clients after hacking certainly one of its suppliers’ MOVEit managed file switch (MFT) servers (hosted outdoors TfL’s methods) in Could 2023.