The fingerpointing starts as cyber incident at London transport body continues

September 5, 2024 at 06:05AM

The Transport for London (TfL) “cyber incident” enters its third day, with suspicions that a popular appliance served as the access point for hackers. TfL, while tight-lipped, denies evidence of customer data compromise. Reports point to a potential breach through a Cisco VPN or NetScaler appliance. TfL’s containment measures hint at a ransomware attack or data exfiltration attempt. Maintenance on contactless services and offline functions such as APIs is ongoing. The UK’s Information Commissioner’s Office is assessing the incident. Cisco has yet to respond to queries.

Key Takeaways from the Meeting Notes:
1. Transport for London (TfL) is currently dealing with a “cyber incident” that has persisted for three days, with suspicions that a popular appliance may have been used as an entry point for criminal access to the organization’s network.

2. TfL has not provided much detail on the incident but has stated there is no evidence of customer data compromise or impact on TfL services. Reports suggest that the hack may have involved the compromise of their Cisco VPN, leading to limitations on internet access for employees.

3. Access to the network was cut off after TfL identified suspicious activity during routine monitoring. The incident has resulted in the offline status of the contactless and Oyster account login page and other TfL functions, such as APIs for live Tube times.

4. There are suggestions that the attackers may have exploited vulnerabilities in Cisco hardware and software. TfL’s abrupt move to cut off access is indicative of a response to a potential ransomware attack or exfiltration attempt.

5. Depending on the nature of the breach, the UK’s Information Commissioner’s Office (ICO) should be notified within 72 hours. The ICO has confirmed that TfL has made them aware of the incident and they are assessing the information provided.

6. The US company, Cisco, has yet to comment on the incident.

These takeaways provide a clear understanding of the ongoing cyber incident at TfL and its potential implications for the organization, its services, and the necessary regulatory notifications.
