SP
BravenNow
TfL hack in 2024 affected around 10 million people, BBC can reveal
| United Kingdom | general | βœ“ Verified - bbc.com

TfL hack in 2024 affected around 10 million people, BBC can reveal

#Transport for London #data breach #cyber attack #Scattered Spider #personal data #ICO #data protection #London hack

πŸ“Œ Key Takeaways

  • TfL hack in 2024 affected approximately 10 million people
  • Hackers from Scattered Spider crime group breached TfL systems
  • TfL initially downplayed the scale of the breach
  • The breach contained names, contact details, and physical addresses of millions
  • UK regulatory body cleared TfL of wrongdoing despite the large scale

πŸ“– Full Retelling

Transport for London (TfL) was hacked by the Scattered Spider crime group in London between late August and early September 2024, resulting in personal data of approximately 10 million people being stolen in what has become one of the biggest data breaches in British history, as revealed by BBC investigations. At the time of the incident, TfL only disclosed that 'some' customers had been affected, but the BBC has now confirmed through a copy of the stolen database that millions had their personal information compromised, including names, email addresses, phone numbers, and physical addresses. The cyber-attack disrupted TfL's online services and information boards, causing an estimated Β£39 million in damages to the transport authority, though it did not directly impact London's physical transport services. TfL has maintained that it 'kept customers informed throughout this incident and will continue to take all necessary action,' though their notification efforts reached only about 7.1 million customers who had registered email addresses, with a 58% open rate on their notifications. The breach, which did not directly impact London's physical transport network, has raised questions about transparency in data breach notifications, as TfL initially downplayed the scale of the incident while other companies in different countries have been more forthcoming about similar breaches. The Information Commissioner's Office cleared TfL of any wrongdoing in February 2025, concluding that formal regulatory action was not proportionate, though experts argue that full transparency is essential for helping individuals understand their risks and for combating cybercrime effectively.

🏷️ Themes

Data Privacy, Cybersecurity, Corporate Transparency

πŸ“š Related People & Topics

ICO

Topics referred to by the same term

ICO or Ico may refer to:

View Profile β†’ Wikipedia β†—
Transport for London

Transport for London

English transport authority

Transport for London (TfL) is a local government body responsible for most of the transport network in London, United Kingdom. TfL is the successor organisation of the London Passenger Transport Board, which was established in 1933, and several other bodies in the intervening years. Since the curren...

View Profile β†’ Wikipedia β†—

Scattered Spider

British-American hacking group

Scattered Spider, also referred to as UNC3944 and, more recently identified as ShinyHunters, is a hacking group mostly made up of teens and young adults believed to live in the United States and the United Kingdom. The group is believed to be affiliated with cybercriminal network, "The Com", or more...

View Profile β†’ Wikipedia β†—

Entity Intersection Graph

No entity connections available yet for this article.

Mentioned Entities

ICO

Topics referred to by the same term

 Transport for London

Transport for London

English transport authority

Scattered Spider

British-American hacking group
}
Original Source
TfL hack in 2024 affected around 10 million people, BBC can reveal 40 minutes ago Share Save Joe Tidy Cyber correspondent Share Save Around 10 million people had their data stolen when Transport for London was hacked in 2024, the BBC has discovered, making it one of the biggest hacks in British history. At the time the company only disclosed that "some" customers had been affected, but has now confirmed that millions of people had their personal data taken. The cyber-attack, by hackers from the so-called Scattered Spider crime group, breached TfL's internal computer systems, disrupting its online services and causing Β£39m in damages. The hackers downloaded a database containing customer information - and by seeing a copy of the file BBC News has established the scale of the hack. TfL insisted to the BBC it has "kept customers informed throughout this incident and will continue to take all necessary action". The attack, which took place between late August and early September 2024, did not directly impact London transport but saw many TfL online services and information boards go offline. The trial of two British teenagers accused of carrying out the hack is set to begin in June. Millions of names The BBC was contacted by someone in the hacking community who obtained a copy of the full TfL database. It contains names, email addresses, home phone numbers, mobile phone numbers and physical addresses of an estimated 10 million people. The person, who did not reveal their identity, shared the database with the BBC so it could verify the data. The data, deleted by the BBC after viewing, contains millions of lines of names and personal details - including my own. In total it has nearly 15 million 'lines' of data, but some of these are thought to be duplicates. TfL has said it carried out a thorough investigation into the hack, but refused to give a precise figure for how many people were affected. Now, the organisation has admitted it sent emails to 7,113,429 customers wit...
Read full article at source

Source

bbc.com

More from United Kingdom

News from Other Countries

πŸ‡ΊπŸ‡Έ USA

πŸ‡ΊπŸ‡¦ Ukraine