TfL hit by cyber attack
Transport for London (TfL) has revealed it is dealing with an “ongoing” cybersecurity incident.
On Monday night, the capital’s transport network provider said that there was no evidence that any customer data has been compromised.
At the time, the organisation assured customers that there had been no impact on its services.
“The security of our systems and customer data is very important to us, and we have taken immediate action to prevent any further access to our systems,” said TfL in a statement, adding that it is working closely with government agencies to respond to the cyber attack.
Commenting on the news Javvad Malik, lead security awareness advocate at KnowBe4 said that while it is unclear how the breach at TfL occurred it is likely that its systems were penetrated through social engineering, unpatched software or poor credentials.



"We also need to bear in mind that the main root causes which allow criminals to penetrate organisations is through social engineering, unpatched software, or through poor credentials,” While it's not sure how the breach at TFL occurred, it is quite likely one of these avenues would be the culprit. Emphasising the fact that organisations need to pay close attention to the fundamentals, not just from a technological perspective, but from a human and procedural aspect too and work to build a culture of security throughout."


And Mayur Upadhyaya, CEO and co-founder at APIContext added:


"TfL's response, including the work-from-home directive and enhanced security measures, underscores the need for preparedness and contingency planning to minimize the impact of cyber incidents. Such proactive steps are crucial for maintaining operational resilience and mitigating potential damage.

"In today's interconnected world, APIs are the lifeblood of digital operations. Securing these gateways is paramount to preventing unauthorized access and data breaches. Regular security assessments, vulnerability management, and incident response planning are essential components of a robust cybersecurity strategy.

"The ever-evolving cyber threat landscape demands a proactive approach. Organizations must continuously adapt their security measures to stay ahead of emerging threats and ensure the resilience of their critical infrastructure."

---