Some parts of the London transport authority's website are still unavailable.
An independent investigation into the cyber-attack on Transport for London (TfL) is to look at its response.
According to the Evening Standard, papers ahead of an upcoming board meeting stated: “Given the nature and scale of the cyber incident, an independent review will be conducted to consider the circumstances surrounding the incident and the impact, our response to the incident, and whether further improvements are needed to our cybersecurity strategy, taking into consideration existing initiatives that are in progress.”
The papers also stated that “as the cyber incident is ongoing and the subject of a criminal investigation by the NCA the review may be undertaken in phases.” However, partners (including the NCSC, NCA and Microsoft) stated that TfL “responded well to the incident and disrupted the attack to some extent, potentially preventing a far worse outcome.”
Investigation Ongoing
So far the investigation has identified that some limited customer data was accessed, with around 5,000 customers whose bank account details were accessed as a precautionary measure to offer them support and guidance.
While the investigation is still ongoing, TfL’s chief technology officer, Shashi Verma, said it is working to process all applications as quickly as possible and has already processed and dispatched more than 30,000 18+ Oyster student photocards, more than 10,000 60+ Oyster photocards and nearly 600 Apprentice photocards since the applications reopened.
Contactless Unavailable
However, a source informed SC UK that the contactless website is still unavailable, affecting claims on delay repay and travel expenses, and downloads of your travel history. The website states the page being down “is due to our ongoing response to a cybersecurity incident.”
In an email to SC UK, a TfL spokesperson said: “As part of the measures we have implemented to deal with the ongoing cybersecurity incident, we have temporarily restricted access to online journey history for pay as you go with contactless customers, and we are also currently unable to process refunds.
“We apologise for any inconvenience this causes customers. TfL intends to refund customers who have paid more for their travel than they should have, including those journeys paid for due to TfL not being able to accept new photocard applications.
“Customers are recommended to keep a record of any fares that they feel should be refunded. TfL’s systems will show where customers have received maximum fares for incomplete journeys and customers will be able to then correct these once the system is available. Customers are reminded to always touch in and out with the same contactless card or mobile device in order to avoid a maximum fare.
“As a temporary measure to assist customers, we are extending the length of time we keep information about individual journeys made using an Oyster card beyond the standard eight/nine weeks. This will support future customer refunds and access to journey history once they are available again.”
Written by
Dan Raywood
Senior Editor
SC Media UK