London’s transport authority has confirmed that several services are temporarily suspended, as it scrambles to respond to a cyber-attack that occurred a week ago.
Transport for London (TfL) first revealed news of the incident on the evening of September 2 but played down its impact on transport services in the capital.
However, an update on Friday noted that it had “taken immediate action to prevent any further access to our systems,” and that its “proactive efforts to protect our services and secure our systems and data” mean that various online capabilities are currently unavailable.
These include:
- Tube information isn’t available on the TfL Go app or website
- Applications for Oyster photocards and Zip cards have been suspended
- Pay-as-you-go contactless customers can’t currently access their online journey history
- TfL is unable to issue refunds for journeys made using contactless cards
- Oyster customers requiring refunds have been told to self-serve online
“Many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query or any webforms previously submitted,” said the transport authority.
In a separate announcement, TfL admitted that its door-to-door Dial-a-Ride service for those with long-term disabilities has also been disrupted.
“Due to the ongoing TfL-wide cybersecurity incident, we are currently able to process only a limited number of booking requests,” the notice read. “In addition, many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query.”
Read more on TfL cyber-attacks: TfL Suspends Oyster Site After Credential Stuffing Blitz
TfL runs the London Underground network, Docklands Light Railway, buses, taxis, river services and major road and cycle routes, as well as selected train services including London Overground and the Elizabeth Line.
It is currently working with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to investigate the incident, which it said has not led to the compromise of customer or employee data.
Image credit: Andrei Antipov / Shutterstock.com