TfL hit by major cyber attack as National Crime Agency launches investigation

Support truly
independent journalism

Support Now

Find out moreClose

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Editor

Transport for London (TfL) has revealed it is dealing with an “ongoing cyber security incident”.

The organisation, which is responsible for most of London’s transport network, has not shared specific details of the incident but said there was no evidence customer data has been compromised.

It said it had called in the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to establish the damage caused by the breach.

Shashi Verma, TfL’s chief technology officer, said: “We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident.

“The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident.

“Although we’ll need to complete our full assessment, at present, there is currently no evidence that any customer data has been compromised. There is currently no impact on TfL services and we are working closely with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to respond to the incident.”

The statement came after a similar message was sent out to customers on Monday evening.

A spokesperson for the NCA said: “We are aware of a cyber security incident involving Transport for London (TfL), and are working closely with the National Cyber Security Centre, and with TFL itself, to respond to it.

“The investigation is ongoing, and we are unable to comment further.”

A spokesperson for the NCSC confirmed it was working with TfL and law enforcement partners “to fully understand the impact of an incident”.

It comes following a major cyber attack on the NHS in June, which led to more than 10,000 appointments being cancelled.

Synnovis, which provides pathology services on blood tests, primarily in south-east London, was the victim of a cyber attack – understood to have been carried out by Russian group Qilin – on 3 June.

Synnovis also revealed at the time it had to cancel testing for 20,000 blood samples across 13,5000 patients received since 16 June as it could test them, so samples have “degraded”. 

According to the BBC, the cyber criminal group shared almost 400GB of data – including patient names, dates of birth, NHS numbers and descriptions of blood tests – on its darknet site and Telegram channel.