London: Ten million data records stolen in cyberattack on transport authority
In 2024, there was a cyberattack on the British authority TfL. It has now emerged that data from ten million customers was also stolen.
(Image: heise online / dmk)
- Niklas Jan Engelking
During a cyberattack on Transport for London (TfL) in 2024, sensitive data from approximately ten million customers was stolen. The authority is responsible for the transport system in London. According to the BBC, the stolen data includes names, email addresses, phone numbers, and addresses.
An anonymous individual reportedly contacted the British news broadcaster and provided them with the data. They had previously obtained a copy of the stolen TfL database. The BBC states that they examined the data and subsequently deleted it. The approximately 15 million lines were estimated to contain information from ten million TfL customers.
Videos by heise
The attack in 2024 is attributed to the criminal group “Scattered Spider,” according to the BBC. Among other things, many information boards and online services failed, causing damage of 39 million British pounds (equivalent to almost 45 million euros). It was one of the largest cyberattacks in British history. The suspected perpetrators, two young adults, are facing trial in Great Britain.
The BBC accuses TfL of an insufficient response to the cyberattack. The authority did not do enough to warn affected customers. Several million of them received no warning or did not acknowledge it. However, it is likely that the stolen data has not yet been used to carry out further attacks, the BBC reports, citing the anonymous source.
(mho)
