Cyber security incident

Following the recent cyber incident, we have been working hard to restore both our internal and customer-focused systems which were impacted by measures introduced as part of our response. We are sorry for the inconvenience this incident may cause and thank you for your patience.

Significant progress has been made and applications for all Oyster photocards are now open.

You can now apply for a new 5-10, 11-15 and 16+ Zip Oyster photocard, 18+ Student Oyster photocard, 18-25 Care Leaver Oyster photocard, Apprentice photocard and 60+ London Oyster photocard.

Please continue to keep a record of fares paid as it is still our intention to refund customers for additional travel costs incurred during this incident and as a result of the issues with concessions.

Oyster photocards

We are now accepting applications for:

While children with expired 5-10 or 11-15 Zip Oyster photocards can continue to travel on TfL and National Rail services (where normally accepted) up until and including Tuesday 31 December 2024, parents and guardians are advised to apply for new photocards as soon as possible. Expired photocards will not be accepted for travel on from 1 January 2025.

The postponed 60+ Oyster yearly address checks will start again shortly, and we will write to you to let you know when to complete the check. Until then your photocard will keep working as normal.

Oyster and contactless

  • Online journey history for customers using contactless is currently unavailable through any of our platforms.
  • Online journey history for customers using Oyster cards is available on the Contactless and Oyster website
  • We're currently unable to register Oyster cards to customer accounts on our website or the Oyster and contactless app
  • We're currently unable to process payments on the Oyster and contactless app. You can still make payments on this website and in stations
  • We are able to process applications to replace lost Oyster photocards by phone. Please call us on 0343 222 1234 between 08:00-20:00 every day and select option 1 (charges may apply)

Refunds

  • We're currently unable to issue refunds for incomplete pay as you go journeys made using contactless, so always remember to touch in and out. Oyster customers can self-serve online on the Contactless and Oyster website
  • Please keep a record of fares paid as it is our intention to refund customers for additional travel costs incurred while our Oyster photocard website is unavailable
  • We will make a temporary change to keep data on journeys made using Oyster cards for longer than the usual 8/9 weeks, in order to support future customer refunds and access to journey history
  • Once new photocards have been issued, we will provide information on how to apply for refunds for any addition travel costs incurred due to not being able to apply for a photocard
  • We've now safely restored our Santander Cycles systems following the recent cyber incident. You may experience a delay to your response while we work to resolve the outstanding enquiries

Many of our staff have limited access to systems and, as a result, there will be some delays responding to any online enquiries

For the latest details on Oyster photocards, check our photocard applications page.

We are conducting a thorough investigation into the incident, alongside the National Crime Agency and the National Cyber Security Centre. Our investigations identified that certain customer data was accessed and we have contacted customers who have been affected. If you have received direct communication from us that your personal information was accessed and you would like to verify the contents of this communication, please speak to one of our customer services advisers on 0343 222 1234.

Always be alert to approaches from anyone claiming to have your data and to any other suspicious calls or emails, particularly if you are asked to provide personal or financial information.

If you are contacted by someone claiming to have your data, you should contact Action Fraud, the UK's national reporting centre for fraud and cybercrime, on 0300 123 2040.

The National Cyber Security Centre has further guidance for individuals and families on data breaches.

We will continue to keep you updated.

Last reviewed 20 November 2024