Attack On Transport For London Exposed Passenger Bank Details

The recent cyber attack on Transport for London (TfL) is much worse than first thought. TfL has now said. This comes after it was revealed a teenager had been arrested in connection with the hack. 

Names and phone numbers of passengers are thought to have been obtained, including some personal data from Oyster cards and Contactless bank cards used to make journeys on the capital’s public transport network and 30,000 employees' passwords will need to be reset via in-person appointments.

The hack is understood to have potentially exposed the bank account details of about 5,000 passengers, either via activity on their Oyster card account or refund data. This includes account numbers and sort codes.

In addition, an unknown number of passengers who had signed up to TfL email alerts and are thought to have  had their name, home address or email account exposed. TfL will contact the affected customers and it  is taking immediate measures to improve online security.

In the latest development, the UK National Crime Agency (NCA) has said that a 17-year-old male has been arrested on suspicion of offences in relation to the Computer Misuse Act. The teenager, who was arrested in Walsall on 5 September and has been questioned by NCA officers and released on  bail. 

This cyber attack has wider implications for the roll-out of contactless train travel outside London. TfL has been fitting contactless ticket barriers to about 100 stations and this has now been paused. 

While the network continues to run, parts of the TfL IT infrastructure are offline. Live tube arrival information isn't available, applications for new Oyster photocards have been suspended, and refunds for incomplete pay-as-you-go journeys made using contactless and the rail staff have limited access to systems.

NCA   |   Standard   |   CityAM   |    Yahoo   |    Southwark News   |    Register   |    

Image: Ben Wicks

You Might Also Read: 

Electric Vehicle Charging Stations Are Here - Will Cyberattacks Follow?:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Who Are The Top 10 Cyber Security Companies? [extract]
Which US States Are Most At Risk From Cyber Attacks?  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Spirion

Spirion

Spirion offers data discovery, classification, and protection tools for your business's privacy, security, and compliance program to avoid gaps and risks.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

NAVEX Global

NAVEX Global

NAVEX Global’s compliance management system consolidates your entire GRC program onto a scalable cloud-based platform.

Clari5

Clari5

Clari5 redefines real-time, cross channel banking Enterprise Fraud Management using a central nervous system approach to fight financial crime.

NinjaJobs

NinjaJobs

NinjaJobs is a community-run job platform developed by information security professionals. We focusing strictly on cybersecurity positions.

aDolus Technology

aDolus Technology

aDolus delivers a robust solution for safeguarding against counterfeit or malicious software and firmware in mission-critical systems.

Dcode

Dcode

Dcode connects the tech industry and government to drive commercial innovation in the federal market.

Casque SNR

Casque SNR

CASQUE SNR is the next generation of Identity Assurance that has potential to supersede existing solutions. It provides Identity Assurance for both people and things.

Kainos

Kainos

Kainos is a leading provider of Digital Services and Platforms. Our services include Digital Transformation, Cyber Security, Cloud, AI, IoT and more.

VIRTIS

VIRTIS

VIRTIS' mission is to provide today's leading organizations peace of mind that their entire digital network perimeter is safe from hackers and data breach.

Prelude

Prelude

Prelude offer the first autonomous platform built to attack, defend and train critical assets through continuous red-teaming.

Intigriti

Intigriti

Intigriti is Europe's leading bug bounty and vulnerability disclosure platform, connecting organizations with a global community of ethical hackers to enhance cybersecurity through continuous testing.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.

Databarracks

Databarracks

Databarracks deliver award winning IT resilience and continuity services. We help organisations get the most out of the cloud and protect their data, wherever it lives.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.