Transport for London hit by major cyber-attack; no customer data breached

Transport for London (TfL), responsible for the English capital’s public transportation network, has been hit with a significant cybersecurity incident.

Though specific details remain sparse, Shashi Verma, TfL’s chief technology officer, has assured the public that there is currently no evidence of customer data compromise.

“We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident. The security of our systems and customer data is very important to us, and we will continue to assess the situation throughout and after the incident.

“There is currently no impact to TfL services, and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident,” he said.

The organisation’s corporate headquarters at Palestra House, Southwark, is thought to be the main site affected. Due to office mitigations, employees have been advised to work from home.

The organisation has been transparent in its communication, aiming to prevent misinformation and reassure the public, particularly given the ongoing nature of the attack.

Javvad Malik, lead security awareness advocate at KnowBe4, emphasised the need for ongoing vigilance, particularly for organisations managing public infrastructure.

“We also need to bear in mind that the main root causes which allow criminals to penetrate organisations are social engineering, unpatched software, or poor credentials. While it’s not certain how the breach at TFL occurred, it is quite likely one of these avenues would be the culprit,” he said.

Mayur Upadhyaya, CEO and co-founder of APIContext noted that the attack on TfL underscores the importance of securing all parts of an organisation’s IT infrastructure, not just those directly exposed to the public.

He added: “TfL’s response, including the work-from-home directive and enhanced security measures, underscores the need for preparedness and contingency planning to minimise the impact of cyber incidents. Such proactive steps are crucial for maintaining operational resilience and mitigating potential damage.

“In today’s interconnected world, APIs are the lifeblood of digital operations. Securing these gateways is paramount to preventing unauthorised access and data breaches. Regular security assessments, vulnerability management, and incident response planning are essential components of a robust cybersecurity strategy.”

The cyber-attack comes after a string of attacks on public services in recent months, including a June cyber-extortion attempt on the NHS by the Russian ransomware gang Qilin.

William Wright, chief executive of cybersecurity company Closed Door Security, added: “The big question people will also want to know is who carried out the attack and if it can be attributed to another country, like Russia. TfL was also attacked by Russia last year, so it definitely isn’t out of the realm of possibility.”

Last year, personal information was stolen in an attack by a Russian ransomware group.

Wright said: “Given Russia’s recent uptick in attacks on the West, it wouldn’t be surprising, but it is far too early to speculate.”