Cyberattack on TfL could have brought London to a standstill, experts warn – here’s how to tell if your personal data has been compromised

London’s public transport network narrowly avoided a complete standstill last night after TfL announced it had thwarted a cyberattack on its network.

Last night, the capital’s metro and bus operator announced that there was an “ongoing cybersecurity incident.”

TfL told MailOnline the agency had detected ‘suspicious activity’ on its systems and had taken steps to restrict the attacker’s access.

While the transport operator says there is currently no disruption to services, experts warn that attacks on critical infrastructure such as TfL could be “disastrous”.

Andrew Brown, software security expert at Propel Tech, told MailOnline: ‘TfL thwarted a massive cyber attack overnight which, had it been successful, could have crippled the city this morning.’

Transport for London has announced an ongoing cybersecurity incident that began last night and could cause widespread disruption to services including the London Underground

In a statement, TfL announced that they are 'currently dealing with an ongoing cybersecurity incident'

In a statement, TfL announced that they are ‘currently dealing with an ongoing cybersecurity incident’

At 18:50 BST, TfL sent an email to customers warning that the government agency was dealing with an ongoing cybersecurity incident.

As part of routine monitoring, TfL discovered that someone was attempting to gain unauthorised access to TfL systems. As a result, access controls were restricted.

Although TfL reacted quickly to prevent the attackers from penetrating the network, many experts believe this incident hit too close to home.

Mr Brown said: ‘The cyber security incident at TfL must be seen as a significant near miss in terms of cyber security.’

Given the vital role TfL plays in providing transport in the capital, a serious attack on its systems could have led to serious, widespread disruption.

Spencer Starkey, executive VP of cybersecurity company SonicWall, told MailOnline: ‘The consequences of an attack and the resulting outage of critical national infrastructure could be catastrophic.’

TfL reports that an unknown hacker was discovered attempting to gain unauthorised access to their systems and that measures were being taken to prevent further access

TfL reports that an unknown hacker was discovered attempting to gain unauthorised access to their systems and that measures were being taken to prevent further access

It appears the attack was successfully prevented before the attackers could cause any damage.

Shashi Verma, TfL’s Chief Technology Officer, said: “While we are yet to complete our full review, there is currently no evidence that any customer data has been compromised.

‘There is currently no impact on TfL services and we are working closely with the National Crime Agency and the National Cyber ​​Security Centre to respond to the incident.’

However, some cybersecurity experts believe that further disruptions will only become noticeable in the coming days.

Simon Newman, co-founder of Cyber ​​London, said: “While TfL has been quick to point out there is no evidence that customer data has been compromised, details of the incident are still emerging.”

A spokesperson for the National Cyber ​​Security Centre told MailOnline the agency is still working with TfL and law enforcement partners to ‘fully understand the impact of any incident.’

Experts warn an attack on TfL could bring London's public transport network to a standstill, causing widespread disruption

Experts warn an attack on TfL could bring London’s public transport network to a standstill, causing widespread disruption

According to Adam Pilton, Senior Cybersecurity Consultant at CyberSmart, there are also indications that “the attacker is still within their network.”

Mr Pilton said: ‘If you are a TFL customer, please ensure you stay up to date with the news regarding this attack. Additionally, please ensure you remain alert to any suspicious emails or messages you may receive in the coming days.’

TfL has not yet released details about the nature of the attack, but experts believe the attackers likely targeted the government agency itself rather than its customers.

Patrick Burgess of BCS, the Chartered Institute for IT’s Information Security Specialist Group, told MailOnline: ‘There is still little information available about what happened, but it appears the attack primarily affected TFL’s internal systems rather than those that deal directly with customers.

‘While we don’t know at this time, it is likely that the current attack is in the form of a ransomware attack, rendering some or all of their internal systems inaccessible.’

The identity of the attackers is unknown, but it is likely that their motivation was financial. There is currently no disruption to services, but experts suggest that more details could emerge in the coming days (stock image)

The identity of the attackers is unknown, but it is likely that their motivation was financial. There is currently no disruption to services, but experts suggest that more details could emerge in the coming days (stock image)

As companies are not required to inform customers about internal attacks, it is unusual for TfL to make this announcement.

Jake Moore, global cybersecurity advisor at ESET, told MailOnline: ‘TfL clearly has reason to believe this is a cyber attack, but it is strange that no data has been stolen.

Companies are attacked multiple times a day in the same way, but rarely disclose these attacks for fear of unknown consequences.

‘However, if an incident occurs that does not currently impact business operations, it is still wise to inform customers and staff as soon as possible should the situation change.’

To find out if your personal information has been compromised in a data breach or cyberattack before, you can use a breach monitoring tool such as Have I been hacked?

Simply enter your email address and the website will check your details against its database of leaked information.

If it turns out that your data has been compromised, you should change the passwords on all your accounts as soon as possible to prevent further attacks.

HOW TO CHECK IF YOUR EMAIL ADDRESS HAS BEEN COMPROMISED

Have I been hacked?

Cybersecurity expert and Microsoft regional director Tory Hunt runs ‘Have I been hacked?’.

On the website you can check if your email address has been compromised as a result of a data breach that has occurred.

If your email address appears, you will need to change your password.

Hacked passwords

To check if your password may have been compromised in a previous data breach, go to the site’s homepage and enter your email address.

The search function compares the information with data from historical data breaches that exposed this information.

If your password is exposed, you are at greater risk of becoming a victim of hacking attacks, fraud, and other cybercrime.

Mr Hunt built the site to help people check whether the password they want to use is on a list of known leaked passwords.

The site does not store your password alongside any personally identifiable information and each password is encrypted

Other safety tips

Hunt offers three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and store unique passwords for each service you use.

Next, enable two-factor authentication. Finally, stay informed of any breaches