Transport for London (TfL) has mandated that all of its approximately 30,000 employees must attend in-person appointments to verify their identities and reset their passwords. This requirement follows a cybersecurity incident that was disclosed nearly two weeks ago.
The organization stated on the TfL employee hub, “Resetting passwords for 30,000 colleagues in person will require some time, and we will be prioritizing the scheduling of these appointments centrally.” Employees are required to visit designated TfL locations to complete this process and regain access to internal applications and data.
A similar protocol was implemented by DICK’S Sporting Goods’ IT team after a cyberattack in August. They required employees to validate their identities via video before restoring access to internal systems.
On September 2, TfL first alerted the public about the cybersecurity breach while assuring customers that there was no indication of compromised data. Although transportation services remained unaffected, internal systems experienced disruptions which hindered online services and delayed refund processing. As of last Friday, staff continued facing outages that impacted customer service responses and contactless journey refunds.
An update on TfL’s incident status page revealed this week that customer information—including names, contact numbers, and addresses—had been compromised during the attack. The agency reassured customers through its employee hub: “Some may have concerns regarding our network security; we want to emphasize that our network is secure.” They also mentioned they would reach out directly with updates concerning affected data.
Additionally, TfL confirmed unauthorized access occurred regarding both employee and customer directory information such as email addresses, job titles, and employee identification numbers. However, they noted no sensitive details like banking information or birth dates appeared compromised.
Arrest Made by National Crime Agency
On Thursday, a 17-year-old from Walsall was arrested by the UK’s National Crime Agency (NCA) on suspicion of involvement in the cyberattack against TfL but was later released on bail after questioning by NCA officials.
This arrest follows another incident where a different 17-year-old male from Walsall was apprehended in July due to potential connections with a ransomware attack targeting MGM Resorts—a breach attributed to Scattered Spider hackers affiliated with BlackCat ransomware group.
BleepingComputer has reached out for clarification regarding whether this individual is linked again but has yet to receive an answer from NCA representatives.
TfL provides essential transport services for over 8.4 million residents across London through its extensive surface transport networks as well as underground railways managed alongside Crossrail operations with the UK’s Transport Department.
In May 2023 alone, TfL faced another significant data breach when Clop ransomware attackers infiltrated one of its suppliers’ MOVEit managed file transfer servers—resulting in sensitive information being stolen from around 13,000 customers.
I AM A HIGHSCHOOL STUDENT . BEING CREATIVE I LIKE TO WRITE A LOT OF GOOD CONTENT . I HAVE WRITTEN SO MANY ARTICLES,ESSAYS AND STORIES IN MY LIFE AND I AM PASSIONATE TO CONTINUE DOING IT . I MAINLY WRITE ARTICLES ON TRENDING TOPICS AND I ALSO ENJOYING READING ARTICLES .
