TfL Cyber Security Incident

[MikeWh]

Acceptance of expired 5-10 / 11-15 Zip cards has been extended to 31 December.

Cyber security incident in September 2024

Keep up to date on the latest investigations into the cyber security incident and our response

tfl.gov.uk

Indeed, and this tweet suggests things are moving: https://x.com/TfL/status/1849445683159282078

Following the recent cyber security incident, we have been working hard to restore our systems and hope to begin accepting applications for new photocards soon. In the meantime, TfL and the Train Operating Companies have agreed to extend the period where expired 5-10 and 11-15 Zip Oyster photocards will be accepted until 31 December 2024.

 

[davews]

London Underground status has reappeared on SWR's Journey Check page.

 

[Mawkie]

Applications for some Oyster photocards are open

We are taking a phased approach to re-opening applications for Oyster photocards to manage demand and process applications as quickly and efficiently as possible.


We are now accepting applications for:

• 18+ Student Oyster photocard
• 18-25 Care Leaver Oyster photocard
• Apprentice Oyster photocard

We aim to process applications as quickly as we can, but you may experience some intermittent availability of the photocard website, depending on the volume of demand.

 

[TUC]

It is very frustrating that journey history details for contactless users are still not available. Many people, including myself, need these for expenses claims that have to be made within a certain time limit. I recognise the cyber attack, but other organisations who have suffered this appear to have got back up and running quicker than TfL is doing.

 

[Russel]

It is very frustrating that journey history details for contactless users are still not available. Many people, including myself, need these for expenses claims that have to be made within a certain time limit. I recognise the cyber attack, but other organisations who have suffered this appear to have got back up and running quicker than TfL is doing.

On that note, have TFL indicated weather or not journey history during the outage will be available to view once the site is back up and running?

 

[markle]

deleted

 

[londonbridge]

Newsreader on Radio London said this morning that TFL are now able to process zip card applications and contactless refunds. I've just logged into my account to check something else and.........yes, journey and payment history is back! And to answer @Russel question, yes it's showing all your history and payments from the period when it was unavailable.

 

[markle]

deleted

 

[87 027]

Contactless history is working for me again in the TFL Oyster app

 

[Edvid]

Newsreader on Radio London said this morning that TFL are now able to process zip card applications and contactless refunds.

Contactless refunds still aren't possible yet, per TfL guidance.

I've just logged into my account to check something else and.........yes, journey and payment history is back! And to answer @Russel question, yes it's showing all your history and payments from the period when it was unavailable.

Not on the website yet, just the TfL Oyster app (Android certainly, not sure about iOS). Just checked my account and I've gained another 3 virtual listings of the same physical card - one of them has a journey from almost a year ago, which implies they're the virtual listings I (previously) failed to generate after de/reregistering the card. The journeys on two of them are too old (beyond the 12-month cut-off) to be listed.

Another listing (virtual, different card) has seemingly disappeared - possibly because I have 6 listings in total now.

 

[londonbridge]

@markle yes, sorry, should have said the app (iPhone), not the website.

@Edvid I’ve just listened back to it on BBC Sounds, I quote:

and it says it’s now able to process refunds for all customers who’ve paid more than they should to travel while it’s systems were down

One would assume that “all customers” includes those paying by contactless.

Salma El-Wardany - 21/11/2024 - BBC Sounds

Have your say on the day's news with Salma.

www.bbc.co.uk

Link to Radio London breakfast show to comply with forum referring to external sources requirements. Link is valid for thirty days from date of this post.

Quote given was from the 9:00am news so three hours in from start of programme.

 

[Edvid]

@Edvid I’ve just listened back to it on BBC Sounds, I quote:

and it says it’s now able to process refunds for all customers who’ve paid more than they should to travel while it’s systems were down

One would assume that “all customers” includes those paying by contactless.

Salma El-Wardany - 21/11/2024 - BBC Sounds

Have your say on the day's news with Salma.

www.bbc.co.uk

Almost certainly a (misphrased?) reference to holders of TfL-managed concessionary photocards now they're all back up. (Not looked for the quote myself as 4 hours of content is a lot to go through)

TfL's press release makes it clear that anyone seeking contactless refunds will have to continue to wait for their turn:

TfL hopes that it will be able to start processing refunds and corrections for journeys made using a contactless card or mobile device shortly and will keep customers up to date as this work progresses.

 

[Simon11]

Rather an amusing statement from TfL

"TfL hopes that it will be able to start processing refunds and corrections for journeys made using a contactless card or mobile device shortly and will keep customers up to date as this work progresses."

Throughout this whole period, it feels like there has been very little communication from TfL on timescales for these issues to be resolved. Then when they restart a process, we suddenly get communication out of the blue.

 

[Egg Centric]

Any updates on the criminal case from anywhere? Any likelihood of that before trial? Is the same lad still the prime suspect?

 

[Thirteen]

Topping up through the Oyster App is still not working, keeps getting a network error, it works if you use the TfL website.

 

[Joe Paxton]

Any updates on the criminal case from anywhere? Any likelihood of that before trial? Is the same lad still the prime suspect?

I imagine there won't be much more information in the public domain until there is a trial.

 

[Edvid]

Quote given was from the 9:00am news so three hours in from start of programme.

Thanks; hadn't noticed your update until today. The quote (shown below in full, for the record) is meant to be specific to Oyster (including Zip) card holders where refunds are concerned:*

Transport for London has reopened applications for Zip photocards for children and teenagers for the first time since September's cyber attack, and it says it’s now able to process refunds for all customers who’ve paid more than they should to travel while its systems were down.

Advice on contactless refunds (i.e. they're currently unavailable) same as it was last week.

[* Previous mistaken reference (of mine) to Zip cards only now corrected]

 

[Ivor]

Again I’ve logged in to my account via the TfL site but three months on cannot get any details re journey history or payments re contactless travel. I see some parts like refunds are back.

They became aware of suspicious activity on 1st Sept, why is this such a lengthy fix?

 

[35B]

Again I’ve logged in to my account via the TfL site but three months on cannot get any details re journey history or payments re contactless travel. I see some parts like refunds are back.

They became aware of suspicious activity on 1st Sept, why is this such a lengthy fix?

Ask the British Library why they’re still not properly fixed, much longer after their attack.

This stuff is complicated, needs doing with a lot of care to avoid the risk of infecting clean parts of the systems, and is often very restricted in who can know what about the systems and their state.

 

[Goldfish62]

Bus schedules are now up to date on the TfL website, having been frozen as of 2nd September.

Bus schedules

Search for a bus route number to find schedules for that route

tfl.gov.uk

Ask the British Library why they’re still not properly fixed, much longer after their attack.

This stuff is complicated, needs doing with a lot of care to avoid the risk of infecting clean parts of the systems, and is often very restricted in who can know what about the systems and their state.

And also attempted attacks have been ongoing since 2nd September.

 

[Mojo]

Consider also the fact that there are still some business-critical functions still unavailable to workers, meaning that some tasks are having to be completed with manual workarounds or just not done at all.

 

[Goldfish62]

Consider also the fact that there are still some business-critical functions still unavailable to workers, meaning that some tasks are having to be completed with manual workarounds or just not done at all.

I was told that of a couple of weeks ago roughly 50% of functions were still unavailable or had to be accessed by non-standard methods.

 

[markle]

deleted

 

[infobleep]

Consider also the fact that there are still some business-critical functions still unavailable to workers, meaning that some tasks are having to be completed with manual workarounds or just not done at all.

I was told that of a couple of weeks ago roughly 50% of functions were still unavailable or had to be accessed by non-standard methods.

Does anyone know what kind of functions are currently not available?

I understand if it can't be stated in public.

 

[Belperpete]

In many such breaches, the attacker will have been in their systems for months. It's exceptionally hard to restore to a last known "clean" state when you simply don't know when the last "clean" state is (or, it was so long ago that you no longer have the restored copies). The only way to can really be safe in those situations is to rebuild from scratch. Which takes time.

Even when you do have a known clean state, while going back to yesterday's backup is usually manageable, as most people can remember most of what they did in the last day, restoring to a backup significantly earlier than that can be very disruptive.

At a place that I worked, we once had to restore to a previous week's backup, and it caused complete chaos. Work that you had finished and forgotten, is suddenly not finished, perhaps not even started. Likewise information that you sent out to get others to do something is no longer sent, and the trigger that made you send it may also have gone.

 

[CyrusWuff]

Contactless journey history and self-service refunds are now available online and through the app once again.

Requests for incomplete journey refunds on Oyster that are more than eight weeks old need to be submitted through a web form.

 

[markle]

deleted

 

[35B]

Seems that the 8 week limit also applies for contactless journeys. I tried submitting a claim for a journey in September and got the error:



(And for context, I hadn't submitted any other claims! No obvious webform for contactless either. Edit: If you open up the journey details there's an option to "contact us about this journey")

I've had similar; I've entered a narrative text to say what I expect to happen

 

[Edvid]

Today's TfL presser:

Contactless journey history and refunds restored

Contactless journey history and refunds restored

tfl.gov.uk

As part of the measures implemented to deal with the incident, TfL took the difficult decision to temporarily restrict access to customers' contactless journey history while it undertook important security checks. With this reinstated, customers and TfL's customer services teams can now access both Oyster and contactless journey history, correct incomplete journeys and process service delay refunds if required.

Customers are warned that due to the expected backlog, there will be some delays in contacting TfL's customer services and/or receiving a final response. Customers are therefore advised to log into their online account to review their account first to see whether they can correct incomplete journeys and request refunds that way.

London Centric take on refunds, published 29 November:

Exclusive: Sadiq admits some TfL passengers may never be refunded after cyberattack

Plus: London's private schools told to stop suggesting it's easy to attend for free; the editor of the Standard quits to spend more time in £4,000-a-night hotels.

www.londoncentric.media

Sadiq Khan has told London Centric that some of the capital’s residents may never receive the refunds they are owed by Transport for London, after a cyberattack resulted in up to a million people being overcharged for their travel.

TfL’s customer service boss separately confirmed to us that it will not actively offer refunds to Londoners, instead asking people to manually apply for a refund for each journey they were overcharged.

The mayor of London admitted that, as a result of this policy, some “people who should have had free travel” over the last three months could be left out of pocket because they “may have lost their receipt and they may not claim it back”.

As for me personally - the "missing" card on my account (see post #160) is still listed on the website, so it looks like the app is limited to displaying 6 contactless listings; whether or not this changes when TfL Go eventually "absorbs" the Oyster app remains to be seen.

 

[Belperpete]

I submitted a claim for an Oyster overcharge (two journeys that should have been charged as one) that was acknowledged on 25 September. Any idea how long it is going to be for TfL to finally get around to addressing it, now that things seem to be up and running again?