Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Evening Standard
Evening Standard
World
Nicholas Cecil

London transport chiefs restrict access to photocard portal for 60+ Oyster and other cards after cyber attack

Transport chiefs in London are restricting access to a photocard portal for Oyster 60+ and other travel concessions after a cyber attack.

The incident, which first became public on Monday evening, has largely not affected people who use the transport system in the capital.

But the transport bosses have now decided to temporarily restrict access to the photocard portal, which allows customers to apply for travel concessions, including the Zip Photocard, 16+ and 18+ Photocard and the 60+ Oyster photocard, as the investigation continues into the cyber targeting.

In an updated statement, Shashi Verma, TfL’s Chief Technology Officer, said: “There remains no impact to our public transport services and no evidence that any customer data has been compromised.

“However, as part of the measures implemented to deal with the ongoing cyber security incident, we have temporarily restricted access to customer journey history for pay as you go contactless customers, as well as limited access to some live travel data via apps, TfL Go and the TfL website, including next train information and the TfL JamCams.

“In addition, we have made the decision to temporarily restrict access to the photocard portal, which allows customers to apply for travel concessions, including the Zip Photocard, 16+ and 18+ Photocard and the 60+ Oyster photocard.

“We apologise for any inconvenience that these temporary changes will cause to some customers and are working to bring these back online as quickly as possible.”

Earlier this week, the booking system for Dial a Ride was also temporarily unavailable, though pre-existing bookings were still fulfilled.

Bookings which are “essential” are now able to be made again by phone and transport chiefs are looking to return a full call centre service in the coming days.

TfL computer systems are “continually” monitored to see who is accessing them and to ensure only those authorised can gain access.

Suspicious activity was identified on Sunday and action was taken to limit access.

TfL called in the National Crime Agency and the National Cyber Security Centre as part of its investigation into the incident.

Technology experts are working to establish the damage caused by the breach, with internal measures in place to restrict access.

Some TfL staff were advised to work from home, if that meant it was easier to carry out their roles, as it deals with the cyber attack.

The organisation’s corporate headquarters at Palestra House, Southwark, is thought to be the main location affected.

A spokesperson for the NCA said earlier this week: “We are aware of a cyber security incident involving Transport for London, and are working closely with the National Cyber Security Centre and with TfL itself to respond to it.”

In the summer a cyber attack led to more than 10,000 NHS appointments being cancelled.

Pathology services provider Synnovis was targeted by Russian gang Qilin on June 3, with hackers reportedly obtaining confidential medical information and blood test results of more than 100,000 patients, a court was told.

The ransomware attack saw appointments cancelled at two London NHS trusts and prompted a warning that parts of the NHS’s IT system are “out of date” and at risk of further hacking.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.