True scale of TfL cyber attack emerges: What happened, who was responsible, and how many people were impacted?
New details on the scale of the TfL cyber attack raise serious questions about the rail operator’s response
Millions of people are believed to have been impacted by the Transport for London (TfL) cyber attack which disrupted IT systems in 2024.
According to analysis from BBC News, the security incident is thought to have affected roughly 10 million people, prompting fierce criticism of the rail operator’s response.
The number of individuals affected would make it one of the UK’s biggest ever cyber attacks, so what happened exactly?
Here, we look at the timeline of the event, and how it continues to play out.
TfL cyber attack: How it unfolded
September 1, 2024
TfL first became aware of the incident on 1 September, when it detected unusual activity on its systems that appeared to have started on 31 August. The organization said at the time it immediately took action to limit access.
September 6, 2024
A few days later, TfL went public about the incident, saying there was no impact to public transport services and no evidence that any customer data had been compromised.
September 12, 2024
A week later, TfL released more information on the incident, assuring customers that financial data like credit card numbers were not compromised - but that some Oyster card refund data might also have been accessed. It said it could contact those customers directly to provide support.
September 16, 2024
Following an investigation by the National Crime Agency (NCA), two teens were arrested on September 16, appearing in court two days later. The pair were allegedly involved in the notorious Scattered Spider cyber crime network.
"Our prosecutors have worked to establish that there is sufficient evidence to bring the case to trial and that it is in the public interest to pursue criminal proceedings," said Hannah Von Dadelszen, chief crown prosecutor for the Crown Prosecution Service.
November 21, 2024
The duo pleaded not guilty to computer hacking charges during a hearing at Southwark Crown Court.
New developments in the TfL attack saga
BBC News published more details of the impact of the attack following contact from an unnamed hacker, who claimed to have a copy of the full TfL database.
It contains names, email addresses, home phone numbers, mobile phone numbers, and physical addresses for an estimated 10 million people.
TfL admitted that, while it had sent emails to 7,113,429 customers with an email address registered to their account to notify them, the emails had only a 58% open rate.
TfL criticism mounts
The Information Commissioner's Office (ICO) has cleared TfL of any wrongdoing, either in the way the attack happened, or in the way it was handled. However, following the BBC's revelations, it's come in for criticism.
Keven Knight, CEO of Talion, said the incident highlights the need for clear, concise communication with customers in the wake of a cyber attack or data breach.
"While TfL said that they did communicate with over seven million people, it said that only 58% of the emails had an open rate. This is very concerning and this was their opportunity to act and communicate more widely on the scale of the breach," Knight commented.
"Not taking action could imply they were trying to bury the true scale of the incident, which is not only dangerous but also highly irresponsible. Now, a huge proportion of these victims have been left completely in the dark about the fact that their data was compromised. This would have left them more susceptible to phishing emails."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
