TfL Cyber Attack: Expired Zip Oyster cards to be accepted while issues continue
and on Freeview 262 or Freely 565
TfL has had to suspend online applications for Zip Cards and the 60+ Oyster card since it spotted on September 1 that its website had been targeted by hackers.
Advertisement
Hide AdAdvertisement
Hide AdZip cards, which offer free bus travel and half-price Tube and train travel to children aged 11-15 and students aged 16-17, normally expire on September 30 and have to be renewed.
TfL has extended the deadline until October 31 and has advised children and students to continue to use their existing Zip cards, even once they expire.
Advertisement
Hide AdAdvertisement
Hide AdBus drivers have been told to allow children and teenagers to board without a valid Zip card, and Tube station and National Rail staff have been given similar instructions.
Last month, a 17-year-old boy was arrested over the hack, which accessed customer names, emails, home addresses and potentially Oyster refund data, including bank account numbers and sort codes.
TfL has also had to suspend the roll-out of contactless ticketing to 47 stations outside Greater London delayed “to a later date”. TfL is also unable to issue refunds for incomplete pay-as-you-go journeys made using contactless.
Advertisement
Hide AdAdvertisement
Hide AdThe mayor of London, Sadiq Khan has suggested that the impacts of the cyber-attacks could soon be resolved.
“The fact that, actually, the inconvenience Londoners have suffered has not been as bad as it could have been, shows the excellent work of TfL working with partners,” Mr Khan told the Local Democracy Reporting service
“But it’s still causing inconvenience to Londoners, including young Londoners going about their business and trying to use their Zip card.
Advertisement
Hide AdAdvertisement
Hide Ad“TfL are working incredibly hard around the clock. I speak to the commissioner [of TfL, Andy Lord] on a daily basis – I mean, he’s working seven days a week, with experts, to try and avoid the consequences of the cyber-attack being even worse.
“We do think there’s light at the end of the tunnel, and I’d ask Londoners to bear with TfL, the NCA, the NCSC, as they carry on trying to withstand the attempts of these criminals to cause extreme damage to TfL.”
A spokesperson for Rail Delivery Group said: “As it is currently not possible for customers to apply for new Zip Oyster photocards or access their photocard web accounts as a result of a major cyber security incident at Transport for London (TfL), we have agreed to accept expired 5-10 and 11-15 Zip Oyster photocards on National Rail services where they are normally accepted until the end of 31 October 2024.
Advertisement
Hide AdAdvertisement
Hide Ad"Our priority is to ensure that our customers and their families can travel smoothly, and we will continue working closely with TfL to provide the best possible solution for them."
Geoff Hobbs, TfL’s director of public transport service planning, said Zip card users should continue to use their existing card, even if it had expired.
“To ensure children and older Londoners can continue to travel on our network, we have made the decision to continue to accept Zip Oyster photocards for under 16-year-olds throughout October that are due to expire on September 30,” he said.
Advertisement
Hide AdAdvertisement
Hide Ad“Additionally, we are postponing the yearly address check that we require for holders of 60+ Oyster cards until a later date. We have written to all affected customers to update them on this.
“Children will need to show their expired photocard to staff at the start and end of their journey on TfL services, or as requested.
“Customers with a 60+ Oyster photocard, who have recently been invited to complete the 60+ yearly address check, can continue to travel as normal.
“When our photocard systems are back up and running, we will write to customers again to let them know they can complete their Zip Oyster photocard application or 60+ address check.”
Comment Guidelines
National World encourages reader discussion on our stories. User feedback, insights and back-and-forth exchanges add a rich layer of context to reporting. Please review our Community Guidelines before commenting.