Priya PatelTLDR:
- Transport for London (TfL) requires 30,000 employees to reset passwords in person after a cyberattack
- Customer data, including names and contact details, compromised during attack
Article Summary:
Transport for London (TfL) has mandated that all of its approximately 30,000 employees must attend in-person appointments to reset their passwords and verify their identities following a cybersecurity incident. This decision comes after the agency experienced disruptions in its internal systems and online services due to a cyberattack. Although there was no evidence of compromised data affecting London’s transportation services, customer data such as names and contact details were compromised during the attack. TfL confirmed that employee and customer directory data, including email addresses and job titles, were accessed by the attackers, but sensitive data like banking details were not compromised. The United Kingdom’s National Crime Agency arrested a 17-year-old teenager in connection with the cyberattack on TfL, who was later released on bail after questioning. This incident adds to a previous data breach that TfL experienced in May 2023 when data belonging to approximately 13,000 customers was stolen by the Clop ransomware gang. The agency continues to assure the public that steps are being taken to address the cybersecurity incident and protect customer data.
