Please enable JavaScript to experience the full functionality of GMX.

Transport for London 2024 hack affected around 10 million people
Cutting-edge technology news and industry features with GMX

Transport for London 2024 hack affected around 10 million people

Approximately 10 million people had their data stolen when Transport for London (TfL) was hacked in 2024.

London tube train
Around 10 million people had their data stolen when TfL was hacked two years ago

The company stated that only "some" customers had been affected at the time, but the BBC has discovered that millions of people had their data taken in what was one of the biggest hacks in British history.

The cyber-attack, carried out by hackers from the Scattered Spider crime group, breached TfL's internal computer systems, disrupting its online services and causing £39 million in damages.

The attack, which occurred between August and September 2024, did not directly affect London transport but led to many TfL online services and information boards going offline.

The trial of two British teenagers accused of carrying out the hack is set to begin this summer.

A member of the hacking community who obtained a copy of the complete TfL database contacted the BBC - revealing names, email addresses, home phone numbers, mobile phone numbers and physical addresses of an estimated 10 million people.

The data, which was deleted by the BBC after viewing, contains millions of lines of names and personal information.

It has almost 15 million 'lines' of data altogether, but some of these are thought to be duplicates.

TfL has said it carried out a major investigation into the hack, and has admitted that it sent emails to over seven million customers with an email address registered to their TfL account to notify them what had happened.

However, the emails only had a 58 per cent open rate - indicating that millions of people impacted did not read the notification or did not have an active email registered to see the warning.

The risk to individuals remains low but data breach victims are at an increased likelihood of being targeted in scams and fraud attacks.

Companies that are victims of cyber-attacks in the UK aren't legally required to disclose the number of users affected by breaches but data protection and security experts say not revealing this data does little to help the fight against cyber-crime.

Data protection consultant Carl Gotleib said: "After a breach it's essential that individuals are informed exactly what has happened to their data and what the potential risk might be to their privacy."

Sponsored Content

Related Headlines

Harrogate
Travel
Harrogate named UK's most welcoming destination
Man on a laptop
Technology
AI 'increases the brain rot effect'
Waymo self-driving car
Technology
Driverless taxis expected to hit British streets within weeks
Amazon
Technology
Amazon announces AI investment plans
Arvid Lindblad
Sports
Arvid Lindblad 'excited' as F1 debut nears