![Transport for London](https://www.bleepstatic.com/content/hl-images/2024/09/06/Transport-for-London.jpg)

Transport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago.

‘Resetting 30,000 colleague passwords in person will take some time and we will be prioritising the allocation of appointments centrally,’ TfL said on the [TfL employee hub](https://tflemployee.com/).

‘This means everyone will be required to attend an appointment at a specified TfL location to reset their password and be verified in-person for access to TfL applications and data,’ it [added](https://tflemployee.com/faq/).

The same approach was taken by DICK’S Sporting Goods’ IT staff [after an August cyberattack](https://www.bleepingcomputer.com/news/security/dicks-shuts-down-email-locks-employee-accounts-after-cyberattack/), manually validating employees’ identities on camera before allowing them to regain access to internal systems.

The London public transportation agency first informed the public [on September 2](https://www.bleepingcomputer.com/news/security/transport-for-london-discloses-ongoing-cyber-security-incident/) about the cybersecurity breach, assuring customers that there was no evidence of compromised data.

Although the attack did not affect London’s transportation services, it [disrupted internal systems](https://www.bleepingcomputer.com/news/security/transport-for-london-staff-faces-systems-disruptions-after-cyberattack/), online services, and the agency’s ability to process refunds.
As of last Friday, TfL staff continued to face outages and system disruptions, impacting their ability to respond to customer requests and issue refunds for contactless journeys.

This week, an update on TfL’s incident status page [revealed](https://www.bleepingcomputer.com/news/security/transport-for-london-confirms-customer-data-stolen-in-cyberattack/) that customer data, including names, contact details, and addresses, had been compromised during the attack.

‘Some customers may ask questions about the security of our network and their data. First and foremost, we must reassure that our network is safe,’ the transport agency added on the TfL employee hub. ‘Secondly, we’re contacting customers directly about steps being taken regarding their data.’

TfL also confirmed that attackers accessed employee and customer directory data, including email addresses, job titles, and employee numbers. However, it said there was no evidence that other sensitive data, such as banking details, dates of birth, or home addresses, had been compromised.

Suspect arrested by UK’s National Crime Agency
----------------------------------------------

On Thursday, the United Kingdom’s National Crime Agency [arrested a 17-year-old Walsall teenager](https://www.bleepingcomputer.com/news/security/uk-arrests-teen-linked-to-transport-for-london-cyber-attack/) suspected of being connected to the cyberattack on the city’s public transportation agency. The teenager was later released on bail after being questioned by NCA officers.

The NCA [also arrested a 17-year-old male from Walsall in July](https://www.westmidlands.police.uk/news/west-midlands/news/news/2024/july/walsall-teenager-arrested-in-joint-west-midlands-police-and-fbi-operation/) for a possible link to the MGM Resorts ransomware attack.
This attack was [attributed to the Scattered Spider hacking collective](https://www.bleepingcomputer.com/news/security/mgm-casinos-esxi-servers-allegedly-encrypted-in-ransomware-attack/), which acted as an affiliate of the BlackCat ransomware gang.

BleepingComputer asked the NCA if the same individual was arrested again in September but has not yet received a response.

TfL serves more than 8.4 million Londoners through its surface, underground, and Crossrail (jointly managed with the UK’s Transport Department) transport systems.

In May 2023, the agency [experienced another data breach](https://www.london.gov.uk/who-we-are/what-london-assembly-does/questions-mayor/find-an-answer/tfl-russian-hack) when the Clop ransomware gang stole data belonging to approximately 13,000 customers from one of its suppliers’ MOVEit managed file transfer (MFT) servers.