iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Staff of London’s transport agency have been informed that they’re required to attend in-person password resets following this month’s cyber attack.
In a post on its employee hub, Transport for London (TfL) said that it is currently in the process of a “full system reset”, which will see staff lose access to their OneLondon accounts.
To restore access, TfL has invited its staff to attend in-person time slots for password reset and identity verification.
The agency said it needs to reset 30,000 passwords, which is expected to take some time. However, the accounts of more critical staff members will be prioritised.
“There are around 30,000 members of staff who need their OneLondon account passwords reset. We [have] a process in place to ensure that the most critical staff to the operation of our network are prioritised,” said TfL.
The TfL cyber attack has continued to develop over the last two weeks, despite the agency first stating that there had been no impact.
Disabled passengers were the first to be impacted after the Dial-A-Ride service became limited as a result, while TfL staff faced limited system access just days later.
Just last week, it was revealed that commuter data was exposed as part of the cyber attack.
About 5,000 passengers have potentially had their bank account data exposed through refund data and Oyster card use, including sort codes and account numbers.
Additionally, a number of commuters who had subscribed to TfL’s email alerts have had their name, email accounts, and/or home addresses exposed.
At the same time, the National Crime Agency (NCA) announced that a 17-year-old man was arrested in Walsall, England, in relation to the incident.
The teenager was suspected to have breached the Computer Misuse Act but has since been questioned by the NCA.
Despite the arrest, sources speaking with media said the incident is still ongoing and that threat actors are still at large.
Be the first to hear the latest developments in the cyber industry.
