Transport for London (TfL) has decided that the cyberattack on September 1 impacts buyer knowledge, together with names, contact particulars, electronic mail addresses, and residential addresses.
The city transportation company had knowledgeable the general public on September 2 about an ongoing cybersecurity incident, assuring prospects that on the time there was no proof of information being compromised.
Final Friday, TfL workers was nonetheless going through system outages and disruptions, together with the lack to reply to buyer requests submitted by way of on-line kinds, difficulty refunds for journeys paid with contactless strategies, and extra.
A brand new replace on the TfL incident web page explains that though the affect on its operations has remained minimal all through this time, inside investigation uncovered that buyer knowledge has been compromised.
“Though there was little or no affect on our prospects thus far, the scenario is evolving, and our investigations have recognized that sure buyer knowledge has been accessed,” reads the standing web page.
“This contains some buyer names and get in touch with particulars, together with electronic mail addresses and residential addresses the place supplied.”
Moreover, the company found that the hackers could have accessed some Oyster card refund knowledge and checking account quantity and type codes for roughly 5,000 prospects.
BleepingComputer can verify that affected prospects are receiving customized notifications informing them of the info breach, so folks ought to examine their electronic mail to study if they’re amongst these impacted.
TfL says there are nonetheless mitigation measures in place to assist shield knowledge and programs till the remediation efforts are concluded, which implies that some companies stay unavailable.
Issues that prospects ought to concentrate on:
- Reside Tube arrival data is unavailable on some digital channels, however in-station and journey planning data is accessible.
- Purposes for brand spanking new Oyster photocards, together with Zip playing cards, are quickly suspended. Name 0343 222 1234 (possibility 1) for misplaced card replacements.
- Maintain data of fares if you cannot apply for a photocard; refunds could also be doable as soon as the cyber incident is resolved.
- Contactless customers cannot entry on-line journey historical past.
- Refunds for incomplete journeys utilizing contactless are unavailable; at all times contact in/out. Oyster customers can handle refunds on-line.
- Workers have restricted system entry, inflicting delays in on-line response.
On the time of writing, no ransomware gang has claimed the cyberattack at TfL.