TfL reveals 5,000 customers' bank info compromised. | CybSec Wizard

Cyber Security Wizard

Wizardry for Cyber

Cyber Security Wizard

TLDR:

Transport for London confirmed that 5,000 customers’ bank data may have been exposed in a cyber incident. 30,000 employees’ passwords are being reset in person. The National Crime Agency arrested a 17-year-old in connection with the attack.

Article Summary:

Transport for London (TfL) has announced that some customer data, including bank details, might have been accessed in a cyber incident. Approximately 5,000 customers’ bank account numbers and sort codes from Oyster card refund data were potentially exposed. Due to the incident, large portions of the TfL IT infrastructure have been taken offline, affecting services like live tube arrival information and Oyster photocards applications. TfL is resetting 30,000 employee passwords in person.

The incident prompted the agency to conduct an all-staff identity check, suspecting that employee details such as email addresses, job titles, and employee numbers were accessed. The National Crime Agency (NCA) has confirmed the arrest of a 17-year-old in relation to Computer Misuse Act offences linked to the attack on TfL on September 1.

Following the incident, TfL has enhanced physical security at its offices and facilities. In the past, TfL has experienced identity theft and malware incidents, such as an employee using a keylogger to access accounts. The incident remains ongoing, with investigations being led by the NCA to minimize risks and manage the situation.

Post Views: 17

Adrian Johnson

Latest from Blog

Snowflake debuts MFA with 14-character passwords for added security

TLDR: Snowflake has rolled out MFA by default on its platform alongside 14-character passwords. This move comes after a series of high-profile third-party hacks on Snowflake customers. According to a recent article

CISA’s Election Infrastructure Cybersecurity Checklist: Essential Preventive Measures Covered

Article Summary TLDR: The CISA cybersecurity checklist provides standard preventive measures for election infrastructure. It covers basics such as MFA, segmenting, backups, and email protections. CISA has released a new cybersecurity checklist

Apple iOS 18 drops with patches for 32 security problems

TLDR: Apple has released iOS 18, addressing 32 security vulnerabilities. Vulnerabilities in Siri, Safari Private Browsing, and other components were fixed. Apple has released iOS 18, addressing a total of 32 security

Iranian ambassador injured in cyber attack on Hezbollah fighters: Reuters

TLDR: Thousands of Hezbollah fighters and medics were injured by exploding pagers in Lebanon. Lebanon blamed Israel for the explosions, which caused chaos and panic across the country. Thousands of members of

2024 Onyxia Cyber SC Award Winners – Recognize Excellence

TLDR: Onyxia Cyber has won the Best Emerging Technology award at the 2024 SC Awards for its innovative Cybersecurity Management Platform, powered by AI and machine learning. The platform offers real-time assessments,

2024 SC Award Winners: SlashNext, Best Secure Messaging Solution

TLDR: SlashNext won the Best Secure Messaging Solution award at the 2024 SC Awards. Their platform uses Next Gen AI to provide real-time protection against various forms of cyber fraud. In the

Shining light on cyber defense with identity illumination

Article Summary TLDR: Identity is the new perimeter in cybersecurity Organizations need to focus on identity visibility for stronger cyber defense Identity is the new perimeter in cybersecurity, as organizations shift towards

NVD battles against CVE backlog as attackers evolve their tactics

TL;DR: As the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) faces a backlog in processing vulnerabilities, attackers are changing tactics to exploit lesser-known vulnerabilities. The backlog is partially

Google Chrome levels up with ML-KEM for ultimate cybersecurity

TLDR: Google Chrome is switching from KYBER to ML-KEM for post-quantum cryptography defense. The changes are set to take effect in Chrome version 131 in early November 2024. Google has announced the

Level up your cybersecurity with the Updated NIST Framework

TLDR: The NIST Cybersecurity Framework has been updated to reflect the evolving role of technology infrastructure on organizational objectives. The new version, CSF2, includes a function focused on governance and a dedicated