Earlier this week, Transport for London (TfL) revealed it was battling a major cyberattack.
Now, it has been forced to shut down a Dial-a-Ride service that is a lifeline for people who cannot access public transport, offering them door-to-door bus rides across the capital.
The outage has led to speculation that TfL has been hit by ransomware. However, when asked directly, TfL said it had not yet been asked to pay a ransom.
In a post on the Dial-a-Ride website, TfL revealed details of a new IT challenge: problems with the service's booking system.
"Due to ongoing TfL-wide cyber security incident, we are unable to process any new booking requests," TfL announced.
"In addition, many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query."
TfL told us that Dial-a-Ride was temporarily down, although pre-existing bookings were still fulfilled. The service is being fixed and is now able to take "essential bookings", with the situation expected to improve later today.
How is TfL dealing with the cyberattack?
To address the situation, TfL has implemented "internal measures" that remain in place. There is also no apparent impact on other services, and TfL insists there is no evidence that suggests any customer data has been compromised.
"The security of our systems and customer data is very important to us," TfL told us. "We are continually monitoring who is accessing our systems to ensure only those authorised can gain access.
"As part of that monitoring, we identified some suspicious activity and took action to limit access. A thorough investigation is current taking place and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident."
Mark Robertson, CRO of Acumen Cyber, told The Stack that the downing of Dial-a-Ride suggests the wider cybersecurity incident "could be more serious than was initially thought."
"No new bookings can be made, which will have a serious impact on citizens with disabilities across London, while employees also appear to only have limited access to email and systems, which is causing delays to customer service.
"While we still can’t say for sure what has taken place, this does again point the finger towards ransomware. However, until TfL provides a more detailed update, we can’t say for sure what incident the transport network is facing, or who carried it out."
The fact that all tube services seem to be running as normal also shows TfL has been "able to prevent the incident from having an operational impact." he continued.
This could mean TfL had already prioritised incident response planning to help the organisation prepare for cyber attacks and limit their impact. Which is always a wise move...
Get in touch with jasper@thestack.technology if you know anything about the incident.
MORE TO FOLLOW - THIS STORY IS BEING UPDATED