Transport for London (TfL) is dealing with a cybersecurity incident that required an email to all on their mailing list.

In an email sent to SC UK, TfL’s Customer Information Team said it was “dealing with an ongoing” incident and there was “no evidence that any customer data has been compromised and there has been no impact on TfL services.” 

Immediate Action

TfL also said it had “taken immediate action to prevent any further access to our systems”, and a TfL source told SC UK that staff had been encouraged to work from home if possible.

Shashi Verma, TfL’s chief technology officer, said in a statement: “We have introduced a number of measures to our internal systems to deal with an ongoing cybersecurity incident. The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident.

“Although we’ll need to complete our full assessment, at present, there is currently no evidence that any customer data has been compromised. There is currently no impact to TfL services and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.”

Honesty

Jake Moore, global cybersecurity advisor at ESET, praised TfL’s honesty in its messaging, as no data has been stolen and everything is working as it should. “Companies are targeted in a similar fashion multiple times a day but rarely announce their attacks due to fear of unknown repercussions,” he said. “Companies are required to notify customers when personal data is compromised but not if the matter remains an internal situation where customers are not affected.”

William Wright, CEO of Closed Door Security, said: “Given how little information has been released about this incident, it’s impossible to know what is happening at TfL. Fortunately, services don’t seem to have been impacted and, so far, all evidence suggests customer data hasn’t been compromised. 

“Given that so little information has been provided, there has been some negative conversation online with internet users wanting to know why TfL has even revealed the incident when it hasn’t impacted customer data or services. These are understandable questions, but TfL has a duty to report incidents, non-disclosure would be far worse.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.