Transport for London (TfL) has decided that the cyberattack on September 1 impacts buyer knowledge, together with names, contact particulars, electronic mail addresses, and residential addresses.
The city transportation company had knowledgeable the general public on September 2 about an ongoing cybersecurity incident, assuring prospects that on the time there was no proof of knowledge being compromised.
Final Friday, TfL employees was nonetheless going through system outages and disruptions, together with the lack to answer buyer requests submitted by way of on-line types, concern refunds for journeys paid with contactless strategies, and extra.
A brand new replace on the TfL incident web page explains that though the impression on its operations has remained minimal all through this time, inside investigation uncovered that buyer knowledge has been compromised.
“Though there was little or no impression on our prospects to this point, the scenario is evolving, and our investigations have recognized that sure buyer knowledge has been accessed,” reads the standing web page.
“This consists of some buyer names and call particulars, together with electronic mail addresses and residential addresses the place offered.”
Moreover, the company found that the hackers might have accessed some Oyster card refund knowledge and checking account quantity and type codes for about 5,000 prospects.
BleepingComputer can verify that affected prospects are receiving customized notifications informing them of the data breach, so folks ought to verify their electronic mail to study if they’re amongst these impacted.
TfL says there are nonetheless mitigation measures in place to assist defend knowledge and techniques till the remediation efforts are concluded, which implies that some providers stay unavailable.
Issues that prospects ought to concentrate on:
- Stay Tube arrival information is unavailable on some digital channels, however in-station and journey planning information is accessible.
- Purposes for brand spanking new Oyster photocards, together with Zip playing cards, are quickly suspended. Name 0343 222 1234 (possibility 1) for misplaced card replacements.
- Preserve information of fares if you cannot apply for a photocard; refunds could also be potential as soon as the cyber incident is resolved.
- Contactless customers cannot entry on-line journey historical past.
- Refunds for incomplete journeys utilizing contactless are unavailable; all the time contact in/out. Oyster customers can handle refunds on-line.
- Workers have restricted system entry, inflicting delays in on-line response.
On the time of writing, no ransomware gang has claimed the cyberattack at TfL.
