Attack On Transport For London Exposed Passenger Bank Details

Uploaded on 2024-09-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel, TECHNOLOGY--Hackers

The recent cyber attack on Transport for London (TfL) is much worse than first thought. TfL has now said. This comes after it was revealed a teenager had been arrested in connection with the hack. 

Names and phone numbers of passengers are thought to have been obtained, including some personal data from Oyster cards and Contactless bank cards used to make journeys on the capital’s public transport network and 30,000 employees' passwords will need to be reset via in-person appointments.

The hack is understood to have potentially exposed the bank account details of about 5,000 passengers, either via activity on their Oyster card account or refund data. This includes account numbers and sort codes.

In addition, an unknown number of passengers who had signed up to TfL email alerts and are thought to have  had their name, home address or email account exposed. TfL will contact the affected customers and it  is taking immediate measures to improve online security.

In the latest development, the UK National Crime Agency (NCA) has said that a 17-year-old male has been arrested on suspicion of offences in relation to the Computer Misuse Act. The teenager, who was arrested in Walsall on 5 September and has been questioned by NCA officers and released on  bail. 

This cyber attack has wider implications for the roll-out of contactless train travel outside London. TfL has been fitting contactless ticket barriers to about 100 stations and this has now been paused. 

While the network continues to run, parts of the TfL IT infrastructure are offline. Live tube arrival information isn't available, applications for new Oyster photocards have been suspended, and refunds for incomplete pay-as-you-go journeys made using contactless and the rail staff have limited access to systems.

NCA   |   Standard   |   CityAM   |    Yahoo   |    Southwark News   |    Register   |    

Image: Ben Wicks

You Might Also Read: 

Electric Vehicle Charging Stations Are Here - Will Cyberattacks Follow?:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Who Are The Top 10 Cyber Security Companies? [extract]
Which US States Are Most At Risk From Cyber Attacks?  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

Threat Intelligence

Threat Intelligence

Threat Intelligence is a specialist security company providing penetration testing, threat intelligence, incident response and training services.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

Zivaro

Zivaro

Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments.

CipherTrace

CipherTrace

CipherTrace develops cryptocurrency Anti-Money Laundering, cryptocurrency forensics, and blockchain threat intelligence solutions.

Apozy

Apozy

Apozy replaces a secure web gateway to nullify phishing, malware and impersonation attacks.

Augusta HiTech

Augusta HiTech

Augusta Hitech is a focused product development, software services and technology consulting company. Our Vision is to become the most socially impactful and innovative technology company in the world

GELLIFY

GELLIFY

GELLIFY is the first innovation platform dedicated to the high-tech B2B market, supporting start-ups and companies.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

Real Protect

Real Protect

Real Protect is a Brazilian provider of managed security (MSS) and cyber defense services.

Start Left® Security

Start Left® Security

From Posture to Performance—The System That Improves How Software Gets Built.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

AWARE7

AWARE7

IT security for human and machine. With the help of our products and services, we work with you to increase the IT security level of your organization.

PolySwarm

PolySwarm

PolySwarm is a crowdsourced threat intelligence marketplace that provides a more effective way to detect, analyze and respond to the latest threats.

Roberts & Obradovic Law

Roberts & Obradovic Law

Roberts & Obradovic Law Group is a corporate, privacy, employment and litigation law firm.

SEALSQ

SEALSQ

For the last 25 years, SEALSQ have been developing secure semiconductor chips, secure embedded firmware, and tested hardware provisioning services to serve the vision of a safer connected world.