Nearly two weeks after a significant cybersecurity breach, Transport for London (TfL) announced on its employee hub that its 30,000 employees must attend in-person appointments to verify their identities and reset their passwords.
This move follows a full system reset after the entity discovered that some employee and customer data had been compromised.
The cyberattack first detected on 1 September 2024, prompted immediate action to limit access to TfL systems. According to TfL’s Chief Technology Officer, Shashi Verma, investigations revealed that employee directory details, including email addresses, job titles, and employee numbers, were accessed.
Luckily, there is zero evidence that sensitive information (bank details, home addresses, birth dates) has been compromised. However, TfL erred on the side of caution and has reset all employee accounts on its OneLondon platform.
Over and above the employee data breach, the attack affected a limited number of customers. Some 5,000 customers’ data could have been accessed, including names, contact details, and, in some cases, bank account numbers and sort codes related to Oyster card refunds. TfL has been working closely with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to investigate the attack and prevent further security breaches.
As a result of the breach, employees are now required to attend scheduled time slots to reset their passwords in person. Additional walk-in options are available for those who have not yet received appointments. This mass identity verification process protects TfL’s systems and employees from further exposure.
The cyberattack also temporarily disrupted certain TfL services, including live Tube arrival information, and suspended applications for new Oyster photocards. TfL has reassured the public that there is minimal impact on customer journeys, though response times for online inquiries may be delayed due to limited staff access.
TfL emphasizes the importance of online security and has advised employees and customers to be cautious of phishing attempts and suspicious communications. The organization is actively working to secure its systems and provide guidance to those affected by the breach.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.