TfL has reported a cyber-attack on its systems, which it claims it is managing. The attack was reported on Monday evening, and TfL released a short press statement. That statement said it was dealing with an ongoing incident, but there was no evidence that customer data had been compromised. It also said that there was no impact on its services.
Shashi Verma, TfL’s Chief Technology Officer, said: “We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident. The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident.
“Although we’ll need to complete our full assessment, at present, there is currently no evidence that any customer data has been compromised. There is currently no impact to TfL services and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.”
What do we know?
At the moment, there is little beyond the initial press statement. According to the TfL website, services are running normally, and there seems to be no problem with its website. In addition, payment systems all seem to be running normally. That includes Oyster cards, payment machines, and online payments for the congestion charge and ULEZ.
Office-based staff are working from home, which suggests that the main systems are working and staff can connect remotely. The customer phone lines are also working, and there are no reports of unexpectedly long wait times. TfL has also not advised customers to change their passwords or implemented a forced password reset when they log in.
All of this is extremely positive. Whatever systems are affected, TfL seems to have contained them.
Enterprise Times: What does this mean?
Any cyber-attack on a business is disruptive, and the severity of an attack is as much about the response as the type of attack itself.
In this case, it appears that TfL caught the attack early and took immediate action to ringfence the affected systems. It has enacted its cyber resiliency plan, which has kept its systems and services fully functional. It has also escalated the response to the NCA and NCSC, which will bring significant resources to help resolve the issue.
TfL has a complex IT infrastructure, including cloud-based services and several third-party suppliers delivering services on its behalf. None of them are currently reporting a cyber-attack, which suggests that the attack hasn’t come from or migrated to their systems.
Once the incident is declared over, the finer details of how this occurred and was handled will be examined. This will include the speed and effectiveness of the response and how the attack started. So far, this has been a textbook example of how to deal with a potentially damaging attack.