FOI request detail

WiFi Breaches

Request ID: FOI-2471-2122
Date published: 22 February 2022

You asked

- How many cyber a- How many cyber attacks have been launched on TfL public WiFi between 2016-2022. - How frequent are cyber attacks on TfL public WiFi? - Has data been stolen through cyber attacks/WiFi breaches? If so, how much in the past decade? - How much does it cost to run all the public WiFi at TfL sites across the capital for one calendar year?ttacks have been launched on TfL public WiFi between 2016-2022. - How frequent are cyber attacks on TfL public WiFi? - Has data been stolen through cyber attacks/WiFi breaches? If so, how much in the past decade? - How much does it cost to run all the public WiFi at TfL sites across the capital for one calendar year?

We answered

Our Ref:         FOI-2471-2122

Thank you for your request received on 1 February 2022 asking for information about WiFi breaches.

Your request has been considered in accordance with the requirements of the Freedom of Information Act and our information access policy. I can confirm we do hold the information you require. You asked:

•           How many cyber-attacks have been launched on TfL public WiFi between 2016-2022.
•           How frequent are cyber-attacks on TfL public WiFi?
•           Has data been stolen through cyber-attacks/WiFi breaches? If so, how much in the past decade?

In accordance with the FOI Act we are not obliged to supply this information as it is subject to a statutory exemption to the right of access to information under section 24 (National security) and section 31(1) (Prevention and detection of crime).

In this instance the exemptions apply as disclosure of the information you have requested would describe our current state of readiness to prevent and detect cyber-attacks and the success or failure of attempts by persons unknown to unlawfully access or disrupt our information networks, which are critical to the operation of London’s transport system. The London transport system is a critical piece of national infrastructure and as such we employ rigorous safeguards to protect it from cyber-attack. Like other organisations we are subject to regular attempted cyber-attacks. These attacks are unlawful under the Computer Misuse Act, and whilst the motive is not always apparent, we are aware of the risk to critical national infrastructure that may result from a successful attack.

We consider that releasing information about the type of attacks that we are able to detect would be likely to prejudice our efforts to prevent and detect future attacks and undermine our ability to safeguard the London transport network.

The use of these exemptions is subject to an assessment of the public interest in relation to the disclosure of the information concerned. We recognise the need for openness and transparency by public authorities, but in this instance we consider that there is greater public interest in safeguarding our information systems and protecting the integrity of the London transport network.

•           How much does it cost to run all the public WiFi at TfL sites across the capital for one calendar year?

The approximate cost of our WiFi service is £487,009. However the WiFi infrastructure is shared across public WiFi and corporate WiFi that is used by our staff. We are not able to split the cost as the same piece of equipment is used for both services. The WiFi will also share common components and connections with the wired (non-WiFi) network at our locations. As most of this would be in place even if we did not have WiFi these costs have not been included in the figure provided.

If this is not the information you are looking for please feel free to contact me.

Please see the attached information sheet for details of your right to appeal.

Yours sincerely

Gemma Jacob
Senior FOI Case Officer
FOI Case Management Team
General Counsel
Transport for London

[email protected]

Back to top

Want to make a request?

We'll email you the response within 20 working days.


We'll publish the response online without disclosing any personal information.