Transport for London cuts data feeds to travel apps amid cyber-attack

Gwyn Topham Transport correspondent
<span>Information on the Citymapper app. TfL is restricting access to some live travel data and customer services because of a cyber-attack.</span><span>Photograph: Samuel Gibbs/The Guardian</span>
Information on the Citymapper app. TfL is restricting access to some live travel data and customer services because of a cyber-attack.Photograph: Samuel Gibbs/The Guardian

Transport for London has cut some live data feeds serving travel apps such as Citymapper and TfL Go, as it deals with the cyber-attack that began last Sunday.

TfL said that while public transport services were running as normal and not directly affected, it was restricting access to live travel data and some other customer services including journey history and photocard registration as part of measures to tackle the breach.

A spokesperson confirmed that the cyber incident was not believed to be a ransomware attack, and no ransom demand had been made, despite speculation.

The decision to limit data has affected travel updates on TfL’s website and live journey planning apps, cutting feeds for times of next tube train departures and TfL JamCams showing traffic.

Platform information displays remain functioning as usual for passengers on the London Underground, as does the countdown service for bus users.

Online services such as applications for concessionary photocards including youth Zip cards and 60+ passes are temporarily down, as well as journey history for registered contactless cards.

However, the Dial-a-Ride service for disabled travellers has been partly restored.

TfL said there was still no sign that any customer’s details had been hacked.

Shashi Verma, TfL’s chief technology officer, said: “The security of our systems and customer data is very important to us. We continually monitor who is accessing our systems to ensure only those authorised can gain access.

“We identified some suspicious activity on Sunday and took action to limit access. A thorough investigation is currently taking place and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.

“Internal measures to limit access remain in place and there remains no impact to our public transport services and no evidence that any customer data has been compromised.”

Passengers were notified of the breach when it was announced on Monday. TfL’s main corporate headquarters at the Palestra building in Southwark are understood to be affected. Employees have been asked to work from home where possible, although a significant number remain in the office.

Verma added: “We will continue to keep our customers and our staff updated on the incident as part of this ongoing work and thank them for their patience as we respond to this incident.”

Advertisement