Apparently Transport for London are dealing with a cyber security incident.
-
Kevin Beaumontreplied to Kevin Beaumont last edited by
For any press covering the #TfL hack - the 5000 bank accounts is separate to the customer names, emails and home addresses bit.
TfL didn't say how many people's details overall were accessed.
-
Kevin Beaumontreplied to Kevin Beaumont last edited by
One of the things TfL have done in their containment phase is locked their IT staff's accounts, who aren't working on recovery -- and they're working to manually reauthenticate who their staff are, i.e. check their identities.
In entirely unrelated () news, teenagers in LAPSUS$ and Scattered Spider often obtain access by calling up the helpdesk and saying they've lost their phone for MFA and/or forgot their password. Your containment playbooks should include stripping MFA devices.
-
Kevin Beaumontreplied to Kevin Beaumont last edited by
Transport for London latest - they are resetting the login and MFA details for 30,000 employees in person, accounts are locked. #TfL #threatintel
-
Kevin Beaumontreplied to Kevin Beaumont last edited by
The #TfL queue to get account access back is out the buildings and down the roads #threatintel