TfL Update

Here are a couple of updates on the Transport for London (TfL) cyber security incident.

If you remember, TfL said there was “no evidence” that customer data had been compromised.

Transport for London Cyber Incident | Smart Thinking Solutions

Update One

The authorities have arrested a suspect:

London transport cyber attack: Boy, 17, arrested – BBC News

But now there appears to be evidence that some customer data has been compromised, to quote the BBC:

“TfL said that about 5,000 customers’ sort codes and bank account details could have been accessed by hackers amid an “ongoing cyber security incident”.”

And:

TfL said data including names, emails and home addresses had been accessed.

TfL has been praised by Paul Foster, head of the NCA’s National Cyber Crime Unit, for their swift response to the incident, which has greatly limited the impact and has helped speed up the response.

Update Two

TfL is taking a hard line in the recovery from this incident. All of its staff – about 30,000 people – will have to attend a face-to-face appointment at a TfL-designated location to verify their identity and reset their credentials before they will be allowed access to TfL systems again.

TfL requires in-person password resets for 30,000 employees after hack (bleepingcomputer.com)

This is an expensive but positive step to re-secure their IT systems and re-establish their reputation with all their stakeholders.

Your Takeaway

If you have to deal with an incident, there are two things I recommend including in your incident response plan:

  • Have a set of communication documents pre-written that can be adapted as required. This will help you keep on track with your message – not over-promising or making statements that are later shown not to be the case. It will also help reduce the stress of your incident response.
  • Make a positive plan to re-establish your reputation after the incident.

Clive Catton MSc (Cyber Security) – by-line and other articles