London transport company TfL hit by cyberattack

Transport for London (TfL) has revealed that it is dealing with an "ongoing cyber security incident" that is being investigated by the UK's National Crime Agency and National Cyber Security Centre.

There's little information yet about the damage caused by the breach, but initial reports suggest that customer data remains secure and the transport network remains fully operational. However, some media outlets have said TfL has asked some staffers to consider working from home while the situation is resolved.

"We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident," said TfL’s chief technology officer Shashi Verma in a statement. "The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident.

It is the second major attack on London infrastructure this year, coming after a ransomware attack on pathology services provider Synnovis impacted patient care at Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts, as well as GP services in southeast London.

Key services like blood transfusions and tests could not be provided as a result, while hundreds of gigabytes of patient data were reportedly shared on the dark web. Reports suggest that Russian group Qilin was behind the attack.

According to the NCC Group consultancy, which monitors the cyber threat landscape, healthcare was the third most targeted sector for ransomware attacks globally in the first quarter of 2024, with 108 attacks that accounted for 10 per cent of the total. 

Last year, the UK government set out a strategy to protect the NHS and social care organisations from cyberattacks, with the aim of building resilience into systems by 2030.