// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Transport for London
Breach Record

Transport for London

DISCLOSED 2024-09-01 · PHISHING · 7,000,000 RECORDS EXPOSED

Transport for London (TfL) suffered a cyberattack by the threat actor group Scattered Spider, resulting in the theft of 7 million customer records. The attack did not disrupt train services. The breach was initiated through a phishing attack.

The record

What we know

Disclosed
2024-09-01
Attack vector
Phishing
Sector
Transportation
Country
United Kingdom
Records exposed
7,000,000
Domain
tfl.gov.uk
Data classes exposed
customer records
ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · partial · opinion

A positive-security model might have prevented execution of unauthorized processes after initial phishing compromise, but could not block the phishing email itself. Effectiveness depends on whether the attacker's subsequent actions involved changes that would be rejected by an allowlist.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other phishing breaches on file

This page is the permanent ColdRecon entry for the Transport for London disclosure. It updates if new public reporting emerges. All tracked breaches →

Transport for London just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →