In 2024, two individuals affiliated with the Scattered Spider cybercrime group successfully breached Transport for London's systems between August 31 and September 3. The attackers accessed and stole customer data from TfL's Oyster refunds system and disrupted refund services, causing operational delays. The breach forced 28,000 employees to reset passwords locally and inflicted £29 million in financial damage. Law enforcement arrested the perpetrators in 2025 after gathering digital evidence, including screenshots and videos of the intrusion. The attack also links one perpetrator to breaches at U.S. healthcare organizations. The incident underscores the impact of cyberattacks on critical national infrastructure and the importance of early engagement with law enforcement.

The attack caused significant operational disruption to TfL's transportation services and customer refund processes. Customer data was stolen, leading to privacy and potential fraud risks. The financial impact on TfL was approximately £29 million. The breach required all employees to reset passwords manually, indicating a widespread compromise of internal credentials. The incident also had reputational consequences for TfL and demonstrated vulnerabilities in critical infrastructure systems.

No specific patch or remediation details are provided for this incident. The vendor advisory or source does not mention any official fix or temporary mitigation. Organizations should engage law enforcement promptly when such incidents occur, as TfL did, to aid investigation and response. Password resets for all employees were necessary to contain the breach. Further mitigation would depend on internal TfL security improvements and incident response measures. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.