10 September 2024
Transport for London is battling an ongoing cyber-attack, cutting some live data feeds to travel apps like Citymapper and TfL Go and restricting access to some other online customer services.
TfL restricted online access to services such as journey history for registered contactless cards and photocard registrations, including youth Zip cards and 60+ passes, as part of its efforts to deal with the attack.
Travel updates on TfL’s website and live journey planning apps were also affected, as were feeds listing times of tube train departures and TfL JamCams traffic cameras.
The organisation has not released details about the attack, which began on 1 September, other than a brief media statement. Customers were advised of the hack on 2 September.
TfL chief technology officer Shashi Verma said internal measures to limit network access remained in place and that travel services had not been affected. He said that there was “no evidence that any customer data has been compromised.”
"Cyberattacks on national infrastructure, such as the ongoing incident impacting Transport for London (TfL), highlight the significant vulnerabilities and potential consequences that these organisations face. An attack of this nature can disrupt not just transportation services, but the daily lives of millions of people, potentially bringing a city like London to a standstill. The ripple effects can extend to economic activities, emergency response capabilities, and public safety, highlighting the critical nature of maintaining operational continuity,” said John Murray, CTO, virtualDCS. “This situation demonstrates the importance of having robust, comprehensive, and well-tested Disaster Recovery (DR) and incident response plans in place. Organisations like TfL must prioritise cybersecurity and invest in advanced defence mechanisms to protect against evolving threats. Regular drills, continuous monitoring, and rapid response capabilities are essential to mitigate the risks associated with such attacks and ensure the resilience of vital public services. The current incident serves as a stark reminder that preparedness is key to maintaining public trust and safeguarding the infrastructure that supports everyday life.”
