TfL takes Oyster system offline after customer accounts accessed
A spokesperson says 1,200 accounts have been "accessed maliciously", but stresses there has not been a compromise of the network.
Thursday 8 August 2019 16:36, UK
Transport for London (TfL) has taken its Oyster system offline to protect customers' data after discovering accounts had been accessed by criminals.
According to TfL, a "small number" of customers had their accounts accessed "after their login credentials were compromised when using non-TfL websites".
The company added: "No customer payment details have been accessed, but as a precautionary measure and to protect our customers' data, we have temporarily closed online contactless and Oyster accounts while we put additional security measures in place.
"We will contact those customers who we have identified as being affected and we encourage all customers not to use the same password for multiple sites."
Even staff access to the online Oyster system, according to online technology magazine The Register, which first reported the incident.
A spokesperson for TfL told Sky News that 1,200 customer accounts were "accessed maliciously" but stressed that there had not been a compromise of the network, with users themselves responsible for the breach by recycling their credentials.
Despite this, the local government body has acknowledged its ability to tackle so-called "credential stuffing" attacks by taking down the online accounts portal for maintenance.
A spokesperson for TfL also told Sky News they had been in touch with the National Cyber Security Centre and the Information Commissioner's Office (ICO).
An ICO spokesperson told Sky News: "We are aware of an incident concerning Transport for London and will be making enquiries."
Last November the ICO fined Uber £385,000 for failing to protect customers' personal information that was leaked in a credential stuffing attack.
Uber's situation had been considerably more damaging to its customers, however: the company actually paid off the hackers who stole data belonging to 57 million users, and then kept quiet about the breach.
It is understood the Uber incident involved the hackers gaining access to customer details via administrator accounts, while the TfL breach involved the customer credentials being taken from elsewhere.