Transport for London does not know how long it will take to recover from a “very sophisticated and direct” cyber attack, its chief technology officer has revealed.
Speaking to the Evening Standard on Friday, Shashi Verma, a member of Transport for London's Executive Committee, said the capital’s public transport organisation had “all hands to the pump”, with about 2,000 staff working to remedy the hack on its computer systems.
As an interim measure, TfL is asking bus drivers not to refuse to allow children to travel for free if they do not possess a valid Zip Oyster card.
Due to TfL having “disconnected” much of its “back office” computer systems to halt the attack, it is currently unable to accept new applications for photocards such as the Zip card, which gives free bus travel for children and teenagers and cheaper “child” fares on the Tube, and 60+ Oyster used by older Londoners.
A 17-year-old teenager was revealed on Thursday to have been arrested in Walsall by the National Crime Agency a week earlier, on September 5, in connection with the cyber attack on TfL on September 1.
Asked by the Standard how long it would take TfL to get its website fully operational, Mr Verma said: “I can’t answer that question. It’s been all hands to the pump to get to this point.”
It came as NHS England’s London region announced on Friday that two of the capital’s biggest hospital trusts, Guy’s and St Thomas’ and King’s College Hospital, continue to have to postpone appointments 14 weeks after a ransomware cyber attack on pathology services provider Synnovis.
But how can you know if you have been affected? Here is all we know:
What was leaked?
Transport for London confirmed that certain customer data has been accessed in the breach. This includes some customer names and contact details, including email addresses and home addresses.
About 5,000 people have had their bank details exposed in the hack. TfL added: “Some Oyster card refund data may also have been accessed. This could include bank account numbers and sort codes for a limited number of customers. As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take.”
How do I know if my information was leaked?
If your bank details were breached, you should be notified.
TfL said: “If you are affected, we will contact you directly as soon as possible as a precautionary measure, and will offer you support and guidance.
We are doing all we can to protect our services and secure our systems and data. Our proactive measures mean that:
- Live Tube arrival information is not available on some of our digital channels, including TfL Go and the TfL website. In-station and journey planning information is still available
- Applications for new Oyster photocards, including Zip cards, have been temporarily suspended. If you want to replace a lost photocard then call us on 0343 222 1234 between 08:00-20:00 every day and select option 1 (charges may apply)
- If you have been unable to apply, please continue making your journeys as usual and keep a record of any fares you've paid. We may be able to arrange a refund once the cyber security incident has been resolved and you get a new photocard
- If you travel using a contactless payment card, you won't be able to access your online journey history
- Currently, we are unable to issue refunds for incomplete pay-as-you-go journeys made using contactless, so always remember to touch in and out. Oyster customers can self-serve online
- Many of our staff have limited access to systems and, as a result, there will be some delays responding to any online enquiries”