Attack On Transport For London Exposed Passenger Bank Details

Uploaded on 2024-09-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The recent cyber attack on Transport for London (TfL) is much worse than first thought. TfL has now said. This comes after it was revealed a teenager had been arrested in connection with the hack. 

Names and phone numbers of passengers are thought to have been obtained, including some personal data from Oyster cards and Contactless bank cards used to make journeys on the capital’s public transport network and 30,000 employees' passwords will need to be reset via in-person appointments.

The hack is understood to have potentially exposed the bank account details of about 5,000 passengers, either via activity on their Oyster card account or refund data. This includes account numbers and sort codes.

In addition, an unknown number of passengers who had signed up to TfL email alerts and are thought to have  had their name, home address or email account exposed. TfL will contact the affected customers and it  is taking immediate measures to improve online security.

In the latest development, the UK National Crime Agency (NCA) has said that a 17-year-old male has been arrested on suspicion of offences in relation to the Computer Misuse Act. The teenager, who was arrested in Walsall on 5 September and has been questioned by NCA officers and released on  bail. 

This cyber attack has wider implications for the roll-out of contactless train travel outside London. TfL has been fitting contactless ticket barriers to about 100 stations and this has now been paused. 

While the network continues to run, parts of the TfL IT infrastructure are offline. Live tube arrival information isn't available, applications for new Oyster photocards have been suspended, and refunds for incomplete pay-as-you-go journeys made using contactless and the rail staff have limited access to systems.

NCA   |   Standard   |   CityAM   |    Yahoo   |    Southwark News   |    Register   |    

Image: Ben Wicks

You Might Also Read: 

Electric Vehicle Charging Stations Are Here - Will Cyberattacks Follow?:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Who Are The Top 10 Cyber Security Companies? [extract]
Which US States Are Most At Risk From Cyber Attacks?  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Wizard Computing

Wizard Computing

Wizard Computer Services is a full service IT solutions provider that offers managed services, consultation, installation, and support to small and large businesses in New England.

DoD Cyber Crime Center (DC3)

DoD Cyber Crime Center (DC3)

DC3 is a US Department of Defense (DoD) center of excellence for Digital and Multimedia forensics.

Messageware

Messageware

Messageware is the market leader in securing, enhancing, and customizing Microsoft Exchange and Outlook Web App.

IoT European Research Cluster (IERC)

IoT European Research Cluster (IERC)

IERC brings together EU-funded projects with the aim of defining a common vision for IoT technology and development research challenges.

Threat Intelligence

Threat Intelligence

Threat Intelligence is a specialist security company providing penetration testing, threat intelligence, incident response and training services.

Exatel

Exatel

Exatel is Poland’s leading provider of ICT security services.

Crashtest Security

Crashtest Security

Crashtest Security is a cyber security company that helps digital companies to continuously create secure software with the help of automated vulnerability assessments.

Cyber@StationF

Cyber@StationF

Cyber@StationF is an up to 6 months international startup acceleration programme, whose members provide solutions for the Cybersecurity industry.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

QAlified

QAlified

QAlified offer independent testing and quality assurance services for software projects including security testing.

NAK Consulting Services

NAK Consulting Services

NAK is helping organisations to create Secure, Agile IT Environments. Our goal is to be the trusted advisor and managed service partner for our clients.

Techmentum

Techmentum

At Techmentum, our mission is to utilize technology to help companies succeed. Our expertise includes fully managed IT services, cybersecurity, cloud, and custom technology solutions.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

Multipoint Group

Multipoint Group

Multipoint is an information security and protection solutions company operating in the South EMEA region through value-added distribution channels.

Alset Technologies

Alset Technologies

Alset Technologies provides DASH - a comprehensive solution to DISA STIG (Security Technical Implementation Guide) compliance.

Nagomi Security

Nagomi Security

Nagomi is changing the way security teams balance risk and defense, empowering customers to focus on what matters now.