TfL provides update on ongoing cyber security incident

06 September 2024

Shashi Verma, TfL's Chief Technology Officer, said:

'The security of our systems and customer data is very important to us. We continually monitor who is accessing our systems to ensure only those authorised can gain access.  We identified some suspicious activity on Sunday and took action to limit access.  A thorough investigation is currently taking place and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident. 

'Internal measures to limit access remain in place and there remains no impact to our public transport services and no evidence that any customer data has been compromised. However, as part of the measures implemented to deal with the ongoing cyber security incident, we have temporarily restricted access to customer journey history for pay as you go contactless customers, as well as limited access to some live travel data via apps, TfL Go and the TfL website, including next train information and the TfL JamCams.

'In addition, we have made the decision to temporarily restrict access to the photocard portal, which allows customers to apply for travel concessions, including the Zip Photocard, 16+ and 18+ Photocard and the 60+ Oyster photocard. We apologise for any inconvenience that these temporary changes will cause to some customers and are working to bring these back online as quickly as possible. 

'Earlier this week, the booking system for Dial a Ride was also temporarily unavailable - although pre-existing bookings were still fulfilled - again as a result of the internal measures implemented by us. Essential bookings are now able to be made again by phone and we are looking to return a full call centre service in the coming days.

'We will continue to keep our customers and our staff updated on the incident as part of this ongoing work and thank them for their patience as we respond to this incident.'

For the latest information on the cyber security incident - visit https://tfl.gov.uk/campaign/cyber-security-incident