Share this article on:
The cyber attack on London’s transport system earlier this month has begun to affect services, with disabled passengers the first to be impacted.
Transport for London (TfL) announced on 2 September that it suffered a cyber attack, initially stating that its services were not impacted and there was no evidence that data had been stolen.
“We are currently dealing with an ongoing cyber security incident. At present, there is no evidence that any customer data has been compromised, and there has been no impact on TfL services,” said TfL in its first statement.
Now, the transport organisation has said that its Dial-a-Ride service has been impacted, limiting the number of disabled travellers able to get rides.
“Due to the ongoing TfL-wide cyber security incident, we are currently able to process only a limited number of essential booking requests,” said the short statement.
“In addition, many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query.”
Dial-a-Ride is a door-to-door travel service designed for those with “permanent or long-term disabilities”. Using accessible buses, it caters to those who are unable to use normal public transport.
According to Computer Weekly, TfL has since informed them that services have returned to normal.
“As a result of the internal measures we are taking as part of the cyber security incident, the booking system for Dial-a-Ride was temporarily down, although pre-existing bookings were still fulfilled,” TfL told Computer Weekly.
“We are now able to take essential bookings and hope the situation will further improve as the day goes on.”
Some customers are still facing issues with transport as a result of the incident, particularly those using Oyster cards or contactless to pay for trips, as well as those using apps for travel such as Citymapper.
TfL continues to provide little information on the incident, failing to reveal the nature of the incident or name the threat actor behind it.
TfL was affected by the major MOVEit supply chain attack last year, orchestrated by the Russian Clop ransomware gang.
While the company confirmed that its own systems were not compromised, it said that the contact detail data of roughly 13,000 customers was exfiltrated by the threat actors. Banking information was not compromised.