TfL Hack: 10 Million Affected, BBC Reveals
The BBC has uncovered a significant data breach at Transport for London (TfL), affecting an astonishing 10 million people, making it one of the most extensive hacks in British history.
Initially, TfL only disclosed that "some" customers were affected, but it has now confirmed the vast scale of the breach. The cyber-attack, attributed to the Scattered Spider crime group, infiltrated TfL's internal systems, causing £39 million in damages and disrupting online services.
The hackers accessed a database containing customer information, including names, email addresses, phone numbers, and physical addresses. The BBC obtained a copy of this database, verifying the personal data of an estimated 10 million individuals.
TfL, while insisting on keeping customers informed, has faced criticism for not providing precise figures on the number of affected individuals. They sent emails to over 7 million customers, but the low open rate suggests many impacted individuals may not have been adequately notified.
The risk to individuals is low, but data breaches increase the likelihood of scams and fraud. Stolen databases are often shared in hacker communities, and experts emphasize the importance of transparency in such incidents.
Data protection consultant Carl Gottleib stresses the need for individuals to be informed about the fate of their data after a breach. Security researcher Kevin Beaumont calls for regulatory changes to ensure transparency and support for victims.
TfL, cleared by the UK's data watchdog, the Information Commissioner's Office (ICO), did not face further action. The ICO stated that formal regulatory action was not proportionate, but TfL must update them if new information arises.
