"According to the BBC, which has obtained and reviewed a copy of the database from an unnamed hacker, the data contained the names, email addresses, landline and mobile phone numbers, and street addresses of approximately 10 million people. Computer Weekly understands the copy of the database, which contained 15 million lines of data, has been destroyed."
"Scattered Spider breached TfL's systems in August 2024 - with the incident coming to light at the start of September - and forced TfL to pay millions in response and remediation costs, with the authority ultimately facing a bill of almost £40m."
"TfL told the BBC it had kept customers informed throughout its investigation and would continue to take further action as necessary. However, in disclosing the incident, it admitted it had only reached out to just over seven million individuals who had registered their email addresses with it, and about 40% of those emails were never opened."
"ESET's Jake Moore said the most surprising element of the situation was less that millions of people were affected by the breach, but more that it took nearly 18 months for it to come to light."
In August 2024, the Scattered Spider cyber attack breached Transport for London's systems, compromising personal data including names, email addresses, phone numbers, and street addresses of approximately 10 million passengers. The incident forced TfL to incur nearly £40 million in response and remediation costs, though core services continued operating. Disruptions affected technical services including third-party APIs and Oyster card services. TfL notified only 7 million registered users, with 40% of notification emails unopened, leaving millions unaware of the breach. Two teenagers were charged in September 2025. Security experts highlighted the concerning delay of 18 months before the breach became public knowledge, emphasizing the significant value of such datasets to criminals.
#scattered-spider-cyber-attack #transport-for-london-data-breach #personal-data-compromise #cybersecurity-incident-response #data-breach-disclosure
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]