TfL confirms 5,000 customers’ bank data exposed • The Register

Breaking Transport for London’s ongoing cyber incident has taken a darkish flip because the group confirmed that some information, together with financial institution particulars, might need been accessed, and 30,000 staff’ passwords will should be reset through in-person appointments.

TfL dropped the declare it made earlier this week that there had been “no proof” of buyer information being compromised in its cyber incident web page. An extra replace has now confirmed that, sure, some buyer information may certainly have been accessed. In line with TfL: “Some Oyster card refund information could have been accessed. This might embody checking account numbers and kind codes for a restricted variety of prospects (round 5,000).”

TfL has stated it can contact affected prospects as quickly as potential “as a precautionary measure.”

Whereas the community continues to run, massive chunks of the TfL IT infrastructure have been pulled offline. Stay tube arrival info is not accessible, purposes for brand spanking new Oyster photocards have been suspended, and refunds for incomplete pay-as-you-go journeys made utilizing contactless. Employees have restricted entry to techniques.

The final level is critical since TfL is endeavor an all-staff id examine and resetting 30,000 worker passwords in particular person. In line with the TfL Employee Hub, employees particulars have been accessed in addition to these of consumers, though proper now TfL solely suspects electronic mail addresses, job titles, and worker numbers have been checked out.

The Register understands that the incident could be very a lot ongoing. There has additionally been an emergency assembly for administration concerning the scenario and a change within the bodily safety stance round TfL places of work and services.

Bodily safety has, nonetheless, been beefed up by the sounds of it, though the very harrassed-sounding PR particular person stated it was to “draw a line underneath all of it.”

TfL is not any stranger to id theft and malware. In 2023, in an unrelated incident, a London Underground employee, utilizing a keylogger, was in a position to give himself reductions and entry the accounts of colleagues. The employee, Lewis Kelly, narrowly avoided a custodial sentence on the time. ®

Up to date so as to add at 1515 UTC:

The Nationwide Crime Company confirmed simply minutes in the past that a young person was arrested final week in Walsall as a part of the investigation into the assault. The NCA stated, “The 17-year-old male was detained on suspicion of Pc Misuse Act offences in relation to the assault, which was launched on TfL on 1 September.”

{The teenager}, who was arrested on September 5, was questioned by NCA officers after which bailed.

The cybercrime cops stated they have been main the legislation enforcement response to the assault on TfL, working carefully with the Nationwide Cyber Safety Centre – an offshoot of british intelligence nerve middle GCHQ – in addition to with the transport physique itself “to handle the incident and decrease any dangers.”

NCA deputy director Paul Foster, head of the company’s Nationwide Cyber Crime Unit, stated: “Assaults on public infrastructure akin to this may be massively disruptive and result in extreme penalties for native communities and nationwide techniques.”The swift response by TfL following the incident has enabled us to behave shortly, and we’re grateful for his or her continued co-operation with our investigation, which stays ongoing.”