Security News Transport for London discloses ongoing “cyber security incident”

Gandalf_The_Grey

Level 81
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,068
Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services.

The agency says that, for the moment, there is no evidence that customer information was compromised during the incident.

"We are currently dealing with an ongoing cyber security incident," TfL's Customer Information Team warned customers over email earlier and in a statement published online today.

"At present, there is no evidence that any customer data has been compromised and there has been no impact on TfL services."

TfL has also reported the attack to relevant government agencies (including the National Crime Agency and the National Cyber Security Centre) and works closely with them to respond and contain the incident's impact.

"The security of our systems and customer data is very important to us, and we have taken immediate action to prevent any further access to our systems," the agency added.

"We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident," TfL's chief technology officer Shashi Verma said in a statement to the BBC.
 

Gandalf_The_Grey

Level 81
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,068
Transport for London confirms customer data stolen in cyberattack
Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses.

The urban transportation agency had informed the public on September 2 about an ongoing cybersecurity incident, assuring customers that at the time there was no evidence of data being compromised.

Last Friday, TfL staff was still facing system outages and disruptions, including the inability to respond to customer requests submitted via online forms, issue refunds for journeys paid with contactless methods, and more.

A new update on the TfL incident page explains that although the impact on its operations has remained minimal throughout this time, internal investigation uncovered that customer data has been compromised.

"Although there has been very little impact on our customers so far, the situation is evolving, and our investigations have identified that certain customer data has been accessed," reads the status page.

"This includes some customer names and contact details, including email addresses and home addresses where provided."

Additionally, the agency discovered that the hackers may have accessed some Oyster card refund data and bank account number and sort codes for approximately 5,000 customers.
 

Gandalf_The_Grey

Level 81
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,068
UK arrests teen linked to Transport for London cyber attack
U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency.

"A teenager has been arrested in Walsall by the National Crime Agency, as part of the investigation into a cyber security incident affecting Transport for London (TfL)," reads the NCA statement.

"The 17-year-old male was detained on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on 1 September."

The teenager was questioned by NCA officers and subsequently released on bail.
 

[correlate]

Level 18
Verified
Top Poster
Well-known
May 4, 2019
823
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL).
"The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency (NCA)
 

Gandalf_The_Grey

Level 81
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,068
TfL requires in-person password resets for 30,000 employees after hack
Transport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago.

"Resetting 30,000 colleague passwords in person will take some time and we will be prioritising the allocation of appointments centrally," TfL said on the TfL employee hub.

"This means everyone will be required to attend an appointment at a specified TfL location to reset their password and be verified in-person for access to TfL applications and data," it added.
 
  • Wow
Reactions: marg

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top