TfL Cuts Data Feeds Amidst Cyber-Attack Fallout

Transport for London continues to grapple with the effects of an ongoing cyber-attack, cutting some live data feeds to travel apps such as Citymapper and TfL Go and restricting access to some other online customer services.

The Dial-a-Ride service for disabled travellers was temporarily halted last week as staff were unable to keep up with bookings due to the network restrictions, but the service has now been partly restored, TfL said.

TfL restricted online access to services such as journey history for registered contactless cards and photocard registrations, including youth Zip cards and 60+ passes, as part of its efforts to deal with the attack.

Travel updates on TfL’s website and live journey planning apps were also affected, as were feeds listing times of tube train departures and TfL JamCams traffic cameras.

Data restrictions

Information screens on platforms were functioning normally, as were countdown screens for bus users.

Industry experts have said TfL’s responses suggest a ransomware attack, but a spokesperson told The Guardian on Friday that this was not believed to be the case.

The organisation has not released details about the attack, which began on 1 September, other than a brief media statement.

Customers were advised of the hack on Monday, 2 September.

TfL chief technology officer Shashi Verma said internal measures to limit network access remained in place and that travel services had not been affected.

He added that there was “no evidence that any customer data has been compromised”.

TfL staff at the organisation’s main headquarters in Southwark have been asked to work from home if possible due to the internal restrictions.

Mitigation measures

A person claiming to work for TfL wrote on Reddit that Wi-Fi had been disabled in its offices, making it difficult to be productive.

A significant number of staff remain on the premises, the Guardian reported.

The Information Commissioner’s Office (ICO), which oversees data breaches, said TfL had “made us aware of an incident and we are assessing the information provided”.

Mark Robertson, chief revenue officer of Acumen Cyber, said TfL’s response suggested it had an incident response plan in place.

“Other organisations should learn from this,” he said. “Don’t just focus on defences, also focus on preparation. No security tools are bulletproof.”