Following a summer of cyber attacks on Microsoft and the NHS, September saw TFL (Transport for London) under attack with a large scale cyber security incident.
What happened?
On Sunday 1st September, suspicious activity was identified and TFL took action to limit access. An investigation was then launched alongside the National Crime Agency and the National Cyber Security Centre. They described the attack as “sophisticated and aggressive”.
Whilst it was initially reported that no customer data had been compromised, the investigation discovered that certain customer data had been accessed. Some customer names and contact details were accessed, including email addresses and home addresses. It was also found that some Oyster card refund data could have been accessed from around 5,000 customers, this included bank account numbers and sort codes. Luckily, despite this information being accessed, so far no customers have suffered any financial losses due to the data breach.
Some TFL staff were instructed to work from home. All staff have been subject to ID checks and a full IT reset. At some point in the near future, all 27,000 employees will have to go to the TFL HQ in Stratford to have their passwords changed and digital identities recertified.
Customer consequences
Thankfully, buses and tube lines were not directly affected and still ran as normal. However, TFL engineers did have to shut down some areas of operations such as dial-a-ride and concession card applications.
The BBC reported that they were unable to process payments on the Oyster and contactless app as well as being unable to register Oyster cards to customer accounts on their website. Alongside being unable to issue refunds for incomplete pay-as-you-go journeys made using contactless.
What happens now?
A 17-year-old male has been arrested in connection to the attack under the Computer Misuse Act. He was arrested on 5th September, questioned and later bailed pending further investigation.
TFL have said they are still investigating the attack and will continue to work with staff and customers until all disruption is resolved.
At Sharp, we work closely with our clients as their technology partner, seeking to strengthen their cyber security and preventing attacks like this happening.
