Transport London (TfL) said that after the cyber security incident disclosed nearly two weeks ago, all employees (about 30,000 employees) must attend the appointment in person to verify their identities and reset their passwords.

Transport London said at the staff Center: "It will take some time to reset the passwords of 30,000 colleagues in person, and we will give priority to centralized allocation of appointments."

it added: "This means that everyone must make an appointment at a place designated by the Transportation Bureau to reset the password and verify in person before accessing the transportation bureau applications and data. "

after being attacked by the Internet in August, the IT staff of DICK'S dispatched Goods also adopted the same method, first manually verifying the identities of employees through cameras, and then allowing them to re-access the internal system.

London's public transport agency informed the public of the cyber security vulnerabilities for the first time on September 2 and assured passengers that there was no evidence that the data had been leaked.

Although the attack did not affect London's transportation services, it destroyed the internal system, online services and the agency's ability to handle refunds. As of last Friday, London transportation bureau staff continued to face power outages and system interruptions, affecting their ability to respond to customer requests and issue non-contact travel refunds.

This week, an update on the incident status page of Transport London showed that customer data including names, contact information, and addresses were leaked during the attack.

"Some customers may question the security of our network and data. First, we must ensure that our network is safe, "the transport bureau added at the TfL staff Center. "Secondly, we are directly contacting customers and informing them of the measures taken on the data."

transport London also confirmed that the attacker obtained employee and customer directory data, including email addresses, positions, and employee numbers. However, the company said there was no evidence that other sensitive data (such as bank details, date of birth or home address) had been leaked.

English national Criminal Investigation Bureau arrested suspects

on Thursday, the British National Crime Bureau arrested a 17-year-old walsol teenager suspected of being involved in cyber attacks by the city's public transportation agencies. The teenager was later released on bail after being questioned by NCA officials.

NCA also arrested a 17-year-old man from volsol in July, who may be related to blackmail software attacks at MGM resort. The attack was attributed to the Scattered Spider hacker organization, which is a subsidiary of the BlackCat BlackCat blackmail software group.

BleepingComputer asked NCA whether the same person was arrested again in September, but no reply was received.

Transport London provides services to more than 8.4 million Londoners through its ground, underground and trans-Railway (jointly managed with the British Ministry of Transport) transportation systems.

In May 2023, the agency encountered data leakage again. The Clop blackmail software group stole data from about 13,000 customers from one of its suppliers's MOVEit management file transfer (MFT) servers.

Source: BleepingComputer

reprinted from: Rhino safety