Transport for London (TfL), the organisation responsible for managing the city's transportation network, is currently investigating a cyber security incident that is still ongoing. As of now, there has been no disruption to its services, and TfL reassures customers that there is no evidence to suggest that their personal information has been compromised.
No Evidence of Compromised Customer Data
In a recent communication to customers via email and an official statement posted online, TfL's Customer Information Team stated, "We are currently dealing with an ongoing cyber security incident. At present, there is no evidence that any customer data has been compromised and there has been no impact on TfL services."
The incident has been reported to relevant government bodies, including the National Crime Agency and the National Cyber Security Centre. TfL is actively collaborating with these agencies to contain the situation and mitigate any potential risks. The organisation has emphasised that the security of its systems and the protection of customer data remain a top priority.
"We have taken immediate steps to prevent any unauthorised access to our systems," TfL stated. "A number of protective measures have been implemented to strengthen our internal systems against this ongoing cyber security threat," added Shashi Verma, TfL's Chief Technology Officer, in a statement to the BBC.
Previous Cyber Attacks on TfL
This is not the first time TfL has been targeted by cybercriminals. In July of last year, the agency confirmed that the Cl0p ransomware gang had breached one of its suppliers' MOVEit managed file transfer (MFT) servers in May 2023. Although this server was hosted outside of TfL's own systems, the Russian-based cybercriminals managed to steal contact details for approximately 13,000 customers. Fortunately, no banking information was compromised during that breach.
TfL’s Resilience and Cyber Security Commitment
TfL clarified that while the MOVEit software is also used internally, it was not compromised in this incident.
TfL is divided into three main sectors overseeing London's surface transport, underground network, and Crossrail (the Elizabeth line, which is jointly managed with the UK's Department for Transport). The organisation provides services to over 8.4 million residents in the city, making cyber security a critical aspect of its operations.
As the investigation continues, TfL remains vigilant in safeguarding its infrastructure and customer data against cyber threats. Customers are encouraged to stay informed through official TfL communication channels for any updates regarding the incident.
