Transport for London (TfL) has confirmed it is dealing with a "cybersecurity incident" which has forced it to deploy "a number" of remedial measures to its internal system.
The severity of the incident is yet to be confirmed officially, although tube services in the capital do not appear to be affected.
However, TfL has released a statement reassuring customers that their data is not believed to have been compromised. There does appear to have been any impact to services.
All signs point to some sort of issue with backend systems, although it's not yet clear whether TfL has been hit by ransomware.
Both the National Crime Agency (NCA) and National Cyber Security Centre have been informed about the attack.
On X, Telegraph transport correspondent (and respected British tech journalist) Gareth Corfield reported that TfL had not received a ransom demand and claimed the incident was not being treated as a cyberattack.
The BBC has reported that staff have been asked to work at home if possible. It also said "backroom systems at the corporate headquarters" are "mainly affected."
Shashi Verma, CTO, told the broadcaster: “We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident."
He added: "The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident.
"Although we’ll need to complete our full assessment, at present there is currently no evidence that any customer data has been compromised.
"There is currently no impact to TfL services and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.”
TfL's 2024 business plan commits to a technology budget of £214m for 2024/2025, specifically mentioning improving cyber security as a priority.
Last year, the TfL Programmes and Investment Committee allocated £0.8 million during 2023/ 2024 to fund "the development of detailed plans for meeting cyber security requirements" and "implementing options towards achieving Cyber Security Compliance".
It also announced a £0.2 million spend on "reviewing penetration test results", providing security training, upgrading system firewalls and carrying out a security assessment.
Spencer Starkey, Executive VP of EMEA at cybersecurity leaders SonicWall, told The Stack that incidents like the TfL attack remind us that "safeguarding critical national infrastructure is vital to maintain order and prevent potential disasters".
"These cyberattacks raise concerns about national security as well as the safety of sensitive information," he said.