Transport for London, the government body overseeing the U.K. capital’s public transit system, said it is experiencing online outages due to an “ongoing cyber security incident” set to drag into the weekend.
TfL, which runs the London Underground (known as the Tube), buses and trams across London, said that while the city’s public transit system is “operating as usual,” several customer-facing systems are offline, including some ticketing systems and its online real-time Tube arrival information.
Details of the incident remain scarce. TfL disclosed the cyberattack on September 2, and said that it took action to “prevent further access to its systems.”
In a brief update on its website on Friday, TfL said it has no evidence yet that any customer data was compromised in the cyberattack.
TfL spokesperson Princess Mills declined to answer TechCrunch’s specific questions about the incident, including what evidence, such as logs, the organization has to determine if any data was stolen. TfL also declined to make the executive who oversees cybersecurity available for an interview.
In a brief statement attributed to TfL’s chief technology officer Shashi Verma, the transport network confirmed it “identified some suspicious activity on Sunday and took action to limit access.”
According to the cyber incident page as of Friday, TfL says, “many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query or any webforms previously submitted.”
According to sources speaking to BBC News, TfL employees have been told to work from home, as much of the organization’s back-office systems at its headquarters are affected.
A review by TechCrunch of TfL’s public-facing web infrastructure shows much of the organization’s systems are no longer online, or have been restricted from accessing the public internet, likely in an effort to isolate the intruders and prevent further access.
At the time of writing, TechCrunch found several TfL systems, including its employee log-on portal, were still accessible from the internet.
Updated with post-publish comment from TfL.
