Cybercrime
,
Fraud Management & Cybercrime
,
Geo Focus: The United Kingdom
Transport for London on Monday Confirmed a Cybersecurity ‘Incident’
The transit authority serving metro London experienced a cyberattack that has led to subway riders experiencing problems with contactless payments for at least a second day.
See Also: Strengthening Your Security Program With Open API
Transport for London posted late Monday that is it “currently dealing with an ongoing cyber security incident.” There is no evidence of customer data loss, the authority said, adding that it took “immediate action” to stymie hackers from gaining further access to its systems.
An estimated 4 million journeys are made per day using the London Underground subway system, which is wholly owned by Transport for London. Service appears unaffected by the incident. The authority also oversees private sector transit, including buses and river ferries.
Several frustrated tube riders on Wednesday reported on social media platform X that they were experiencing issues with making contactless payments.
The Transport of London payment website says the authority is currently “doing maintenance for contactless.” It did not immediately respond to a request for comment. Sources familiar with the hacking incident told the BBC the attack affected the authority’s backroom systems at its corporate headquarters. Employees have been asked to work at home, the BBC said.
“We are working with Transport for London, alongside law enforcement partners, to fully understand the impact of an incident,” a U.K. National Cyber Security Center spokesperson told Information Security Media Group.
The incident is the latest in a series of hacks targeting the U.K.’s critical infrastructure in recent months. A June ransomware attack on a British National Health IT service provider forced London hospitals to postpone at least 1,500 medical appointments, and a cyberattack on Royal Mail last year disrupted mail deliveries across the country.