Share this article on:
London’s transport agency is currently investigating a cyber attack that, at this stage, has not yet affected any transport services.
Transport for London (TfL) issued a statement yesterday (2 September) saying that it had reached out to its customers and is currently investigating, but at this stage, there is no evidence of data being stolen.
“We are currently dealing with an ongoing cyber security incident. At present, there is no evidence that any customer data has been compromised, and there has been no impact on TfL services,” said TfL.
“The security of our systems and customer data is very important to us, and we have taken immediate action to prevent any further access to our systems.”
TfL added that it had reached out to the relevant authorities and informed them of the incident and that it will provide more information as the investigation proceeds.
Speaking with the BBC, TfL chief technology officer Shashi Verma echoed the statement, saying that the investigation is ongoing.
“We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident,” he said.
“The security of our systems and customer data is very important to us, and we will continue to assess the situation throughout and after the incident.
“Although we’ll need to complete our full assessment, at present, there is currently no evidence that any customer data has been compromised.
“There is currently no impact to TfL services, and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.”
At this stage, the nature of the incident is unknown, and no threat actors have come forward to claim responsibility.
TfL was affected by the major MOVEit supply chain attack last year, orchestrated by the Russian Clop ransomware gang.
While the company confirmed that its own systems were not compromised, it said that the contact detail data of roughly 13,000 customers was exfiltrated by the threat actors. Banking information was not compromised.