"An utter shitshow": Inside the Transport for London cyberattack
A special edition of London Centric looking at what's gone wrong at Transport for London — and whether the disaster recovery is as positive as they say.
It’s almost two months since Transport for London’s systems were hacked and many Londoners are still experiencing major disruption to their lives as a result. Although operational systems were largely unaffected by the cyberattack, meaning tube and bus services have continued to run, one senior TfL executive told London Centric that behind the scenes it has been “an utter shitshow”.
As many as a million holders of discount travel cards, a system that is set up to help the cities’ most financially stretched people, have been affected. Hundreds of thousands of Londoners are being overcharged for travel, while London Centric spoke to one teenager who is having to skip meals because of cashflow issues brought on by the cyberattack.
With only limited information released to the public about the ongoing impact, TfL has sought to portray its response as “well-managed”. Details of the hack has been tightly controlled and even London’s politicians, who are supposed to have oversight of TfL, have been told few details about the incident.
Now, an investigation by London Centric can reveal:
TfL was targeted by an additional wave of previously unreported attempted cyberattacks in the aftermath of the initial incident, as hackers rushed to exploit weaknesses in London’s critical infrastructure.
There is no indication that police are seeking any suspects other than a 17-year-old male arrested four days after the cyberattack in Walsall, near Birmingham.
Cybersecurity experts claim TfL’s software may have not been up to scratch, with some public-facing systems coded to be compatible with long-defunct browsers such as Internet Explorer 6.
Sadiq Khan’s office and the Greater London Authority outsourced their IT services to TfL this summer, meaning they were also badly impacted, paralysing services at the top of the capital’s devolved government.
Teenagers entitled to free travel are being asked to keep a record of their journeys and reclaim the cost from TfL at an unknown later date, essentially asking the capital’s young people to stump up interest-free loans worth millions of pounds.
Small businesses have been left out of pocket due to late payment of invoices.
There is an expectation among TfL staff that millions of pounds of overcharged fares may never be reclaimed by passengers.
Subscribers to Santander Cycles have been left with hundreds of pounds in wrongly-applied fines, with no ability to access refunds or use their accounts for the service.
Keep reading with a 7-day free trial
Subscribe to London Centric to keep reading this post and get 7 days of free access to the full post archives.