TfL reveals 5,000 customers’ bank info compromised

September 13, 2024
1 min read

TLDR:

Transport for London confirmed that 5,000 customers’ bank data may have been exposed in a cyber incident. 30,000 employees’ passwords are being reset in person. The National Crime Agency arrested a 17-year-old in connection with the attack.

Article Summary:

Transport for London (TfL) has announced that some customer data, including bank details, might have been accessed in a cyber incident. Approximately 5,000 customers’ bank account numbers and sort codes from Oyster card refund data were potentially exposed. Due to the incident, large portions of the TfL IT infrastructure have been taken offline, affecting services like live tube arrival information and Oyster photocards applications. TfL is resetting 30,000 employee passwords in person.

The incident prompted the agency to conduct an all-staff identity check, suspecting that employee details such as email addresses, job titles, and employee numbers were accessed. The National Crime Agency (NCA) has confirmed the arrest of a 17-year-old in relation to Computer Misuse Act offences linked to the attack on TfL on September 1.

Following the incident, TfL has enhanced physical security at its offices and facilities. In the past, TfL has experienced identity theft and malware incidents, such as an employee using a keylogger to access accounts. The incident remains ongoing, with investigations being led by the NCA to minimize risks and manage the situation.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and