A cyberattack on Transport for London (TfL) in 2024 compromised personal data of millions, with a trial for two accused teenagers set for June. The hack, attributed to the Scattered Spider group, caused significant disruption and damages. According to sources, the hack was one of the biggest in British history.
The attack breached TfL's internal computer systems, disrupting its online services and causing £39 million in damages. It took place between late August and early September 2024 and did not directly impact London transport but saw many TfL online services and information boards go offline. Around 10 million people had their data stolen, with the stolen database containing names, email addresses, home phone numbers, mobile phone numbers, and physical addresses.
The database has nearly 15 million lines of data, but some are thought to be duplicates. TfL initially only disclosed that 'some' customers had been affected but has now confirmed that millions of people had their personal data taken. TfL sent emails to 7,113,429 customers to notify them, with a 58% open rate suggesting many did not read the notification.
TfL identified about 5,000 customers at heightened risk because their Oyster card refund data may also have been accessed, which could include bank account numbers and sort codes, and wrote to them as a precaution. The risk to individuals remains low, but being a victim of a data breach increases the likelihood of being targeted in scams and fraud attacks. Stolen databases are often traded or shared in hacker communities, though the person who shared the database with the BBC says they are not aware of the data being used for secondary attacks yet.
TfL insisted it has 'kept customers informed throughout this incident and will continue to take all necessary action'. TfL carried out a thorough investigation but refused to give a precise figure for how many people were affected, as British laws do not require companies to publicly disclose exact numbers. The trial of two British teenagers accused of carrying out the hack is set to begin in June.
It is unknown how exactly the hackers breached TfL's systems and what vulnerabilities were exploited.