TfL has requested that all employees, approximately 30,000 people, attend in-person identification verification and password reset meetings. A security breach that was made public over two weeks ago prompted the implementation of this regulation.
Furthermore, the company has confirmed that customer data was compromised in the attack, leading to the arrest of one individual. Applications for new Oyster picture and Zip cards have been temporarily blocked due to the possibility that the disclosed information contains sensitive data from about 5,000 customers.
As a result, all TfL employees will need to make in-person appointments to change their passwords.
The attack disrupted internal systems, internet services, and the agency’s refund processing capabilities, although it had no effect on London’s transit services. As of last Friday, TfL staff were still facing outages and system issues, limiting their ability to respond to customer requests and process refunds for cashless travels.
The TfL staff Hub reported both customer and staff information had been accessed, although it looks like the only information that was stolen was employee numbers, job titles, and email addresses.
TfL verified that attackers had obtained directory data, but they found no indication that additional personal details, including home addresses, dates of birth, or bank account information, had been compromised.
TfL affirmed that it would contact any client whose data was exposed. Additionally, the company is closely monitoring its system to ensure that only authorised individuals can access it.
Teen Arrested in UK for Suspected Cyberattacks Linked to Scattered Spider
The National Crime Agency (NCA) of the United Kingdom arrested a 17-year-old resident of Walsall on Thursday on suspicion of participating in a cyberattack against the city’s public transport system. The teenager was released on bail after being questioned.
Interestingly, West Midlands Police had previously arrested another 17-year-old from Walsall in July 2024, linked to a ransomware attack on MGM Resorts, attributed to the Scattered Spider group.
It remains unclear if these two incidents involve the same person. In June, a 22-year-old British citizen was arrested in Spain for reportedly being involved in many Scattered Spider ransomware operations.
The National Cyber Security Centre (NCSC), a division of the British spy agency GCHQ, and TfL are collaborating with the cybercrime team to tackle the situation and lower risks in the context of the recent TfL hack.
This hack highlights an increasing trend in which cybercriminals target critical infrastructure. Hospitals and energy firms are examples of public sector organisations that are especially vulnerable since they frequently lack the funding for sophisticated security measures.
At Phishing Tackle, we know all too well that security technology is often left incorrectly configured, demonstrated by our free Domain Spoofing Test which currently gets past around 50% of users security systems.
Security Awareness Training remains one of the most cost-effective methods of boosting cyber-security within your business. Have a look at our free Click-Prone® Test to find out how many of your staff are susceptible to a phishing attack and learn how you can reduce this number today.