Hackers who gained access to heart of London transport network jailed


The data of millions of commuters was stolen, Londoners were left out of pocket and 27,000 Transport for London staff were forced to reset their passwords.

Over four days in 2024 a pair of teenage hackers had London’s transport network at their mercy. The hackers had burrowed into the heart of Transport for London’s IT systems and held the “keys to the kingdom”.

While the main tube and bus networks were not directly affected, the dial-a-ride service for disabled passengers was unable to process bookings for a period. The head of TfL, Andy Lord – a veteran of British Airways – said the attack was the worst incident he had faced in his career.

Read more…
Source:  The Guardian


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • African authorities dismantle massive cybercrime and fraud networks, recover millions

    August 22, 2025

    LYON, France – In a sweeping INTERPOL-coordinated operation, authorities across Africa have arrested 1,209 cybercriminals targeting nearly 88,000 victims. The crackdown recovered USD 97.4 million and dismantled 11,432 malicious infrastructures, underscoring the global reach of cybercrime and the urgent need for cross-border cooperation. Operation Serengeti 2.0 (June to August 2025) brought together investigators from 18 African ...

  • US spy chief says UK has dropped its Apple backdoor demand

    August 19, 2025

    The U.K has dropped its demand for special access to Apple’s cloud systems, or a “backdoor,” following negotiations with the Trump administration, according to U.S. National Intelligence Director Tulsi Gabbard. “As a result, the U.K. has agreed to drop its mandate for Apple to provide a ‘back door’ that would have enabled access to the protected ...

  • UK: Thousands of Afghans, troops and civil servants may be victims of new data breach

    August 16, 2025

    Some 3,700 Afghans, British troops and civil servants may have fallen victim to a new data breach, after an incident involving a company linked to the Ministry of Defence. Stansted-based Inflite The Jet Centre Ltd suffered a data security incident which led to “unauthorised access to a limited number of company emails”, according to the firm. ...

  • Telco giant Colt suffers attack, takes systems offline

    August 15, 2025

    Multinational telco Colt Technology Services says a “cyber incident” is to blame for its customer portal and other services being down for a number of days Per its status page, the issues began on August 12 when a reported incident led to disrupted services for some customers. The London-headquartered company’s customer portal, Colt Online, was the ...

  • Digital Compliance Alert: UK Online Safety Act and EU Digital Services Act Cross-Border Impact Analysis

    July 26, 2025

    As of July 25, 2025, all sites and apps that allow pornography will need to have strong age checks in place, to make sure children can’t access that or other harmful content. This represents the most significant change to how adults access online content in the UK since the internet’s mainstream adoption. Gone are the days ...

  • Weak password allowed hackers to sink a 158-year-old company

    July 21, 2025

    One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work. KNP – a Northamptonshire transport company – is just one of tens of thousands of UK businesses that have been hit by such attacks. Big names such as M&S, Co-op ...