Transport for London (TfL) has cut some live data feeds serving travel apps, such as Citymapper and TfL Go, in response to a cyber-attack that began last Sunday. While public transport services are operating as normal, TfL is restricting access to live travel data and certain customer services, such as journey history and photocard registration, as part of measures to handle the breach.
A spokesperson confirmed that the cyber incident is not believed to be a ransomware attack, and no ransom demand has been made, despite speculation. The decision to limit data has affected travel updates on TfL’s website and live journey planning apps, cutting feeds for times of the next tube train departures and TfL JamCams showing traffic. Nevertheless, platform information displays remain functional for passengers on the London Underground, as does the countdown service for bus users.
Online services, including applications for concessionary photocards such as youth Zip cards and 60+ passes, are temporarily unavailable. Journey history for registered contactless cards is also affected. However, the Dial-a-Ride service for disabled travellers has been partly restored. TfL stated that there is no indication that any customer details have been compromised.
Shashi Verma, TfL’s chief technology officer, stated: “The security of our systems and customer data is very important to us. We continually monitor who is accessing our systems to ensure only those authorised can gain access. We identified some suspicious activity on Sunday and took action to limit access. A thorough investigation is currently taking place and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.”
Internal measures to limit access remain in place without impacting public transport services. There is no evidence suggesting that any customer data has been compromised. Passengers were informed of the breach on Monday. TfL’s main corporate headquarters in Southwark are also affected, and employees have been advised to work from home where possible, although many continue to work from the office.
Verma added: “We will continue to keep our customers and our staff updated on the incident as part of this ongoing work and thank them for their patience as we respond to this incident.”
The situation continues to develop, and TfL is actively working with authorities to address and resolve the cyber-attack. Passengers and employees are being kept informed, and TfL is taking all necessary precautions to ensure the security of its systems and data.
