
Transport for London reduces access to systems after cyber incident

11/09/24

Mark Say Managing Editor


Transport for London (TfL) has restricted access to a number of its digital systems following last week’s cyber attack.

It said the incident, for which it raised the alert on 2 September, has not impacted its transport services and there is no evidence of any customer data being compromised.

But the agency has said many of its staff have limited access to systems and email and it has temporarily restricted access to some data sources.

These include customer journey history for pay as you go contactless customers, as well as limited access to some live travel data via apps, TfL Go and the TfL website, including next train information and the TfL JamCams.

“In addition, we have made the decision to temporarily restrict access to the photocard portal, which allows customers to apply for travel concessions, including the Zip Photocard, 16+ and 18+ Photocard and the 60+ Oyster photocard,” TfL added.

In addition, the booking system for Dial a Ride was also temporarily unavailable, but it is now possible to make essential bookings again by phone and TfL is aiming to return a full call centre service in the coming days.

UPDATE: On the afternoon of 12 September TfL issued an update on the situation with a statement from its chief technology officer, Shashi Verma.

He said: "Although there has been very little impact on our customers so far, the situation continues to evolve and our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details (including email addresses and home addresses where provided).

"Some Oyster card refund data may also have been accessed. This could include bank account numbers and sort codes for a limited number of customers. As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take."

Verma added: “In addition, as part of the measures we have implemented to deal with the cyber incident, we have today put in place additional measures to improve our security. This includes an all-staff IT identity check. Throughout this planned process we have ensured that all safety critical systems and processes have been maintained.

“We do not expect any significant impact to customer journeys as we carry out this process. However, temporary and limited disruption is possible to some services so, as ever, please check before you travel.

“The security measures we are taking mean that it is now not possible for us to deliver the necessary system changes to enable 47 additional stations outside London to benefit from pay as you go with contactless on 22 September as planned. We are working with DfT and the Rail Delivery Group to reschedule and we apologise for the delay.”

TfL has indicated that it will be contacting around 5,000 customers in relation to their data.

 
