The TfL hack that struck London’s transport network in 2024 has been revealed to be far larger than initially understood, with around 10 million people’s personal data stolen in what experts now describe as one of the largest cyberattacks in British history.
The breach targeted Transport for London (TfL) during August and September 2024, when hackers linked to the cybercrime group Scattered Spider gained access to internal computer systems.
Although trains, buses, and the Underground continued to operate, the attack disrupted several online services and exposed large volumes of customer data.
Information suggests the attackers downloaded a database containing about 15 million lines of data, with duplicates included. Investigators estimate that roughly 10 million unique individuals were affected.
The incident also carried a major financial impact. TfL estimates the attack cost the organisation around £39 million, adding to growing concerns about cybersecurity risks facing critical UK infrastructure and public services.
For millions of commuters who rely on TfL every day, the breach highlights how even essential transport systems can become targets for sophisticated cybercriminals.
What Data Was Stolen in the TfL Hack?
The stolen database contained personal information linked to TfL customer accounts. According to reports, the data included names, phone numbers, email addresses, and home addresses provided by users when registering services such as Oyster accounts.
Most of the information involved contact details rather than financial records. However, TfL confirmed that around 5,000 customers faced a higher level of risk because the attackers may have accessed Oyster refund data, which can include bank account numbers and sort codes.
Transport for London contacted those customers directly at the time to explain the situation and advise them on steps to protect their finances.
A TfL spokesperson said the organisation treats customer data security as a top priority and continues to strengthen its systems.
“The security of our systems and customer data is extremely important to us, and we continually monitor our systems to ensure only those authorised can gain access and continue to take all the necessary actions to protect them.”
How the Cyberattack Disrupted London’s Transport Network?
The TfL hack did not stop the capital’s transport services from operating, but it caused significant disruption to several digital systems used by passengers.
During the attack, parts of TfL’s online infrastructure were temporarily taken offline while security teams worked to contain the breach.
This meant that some customers were unable to access their accounts or register their Oyster cards online. Information displays and digital systems used across the network were also affected for a period.
Although the disruption was largely technical rather than operational, the incident created widespread frustration for passengers who rely on TfL’s digital services to manage travel payments and accounts.
Cybersecurity specialists say attacks like this are becoming increasingly common as criminal groups target organisations that manage large volumes of consumer data.
Who Is Accused of Carrying Out the TfL Hack?
Two teenagers have been charged in connection with the cyberattack and are currently awaiting trial in the UK courts.
Thalha Jubair, 19, from Bow in east London, and Owen Flowers, 18, from Walsall in the West Midlands, both deny allegations that they conspired to carry out unauthorised acts against TfL’s computer systems.
Jubair has also denied failing to comply with a police notice requiring him to disclose passwords or PIN codes for devices seized during the investigation.
Flowers faces additional allegations relating to attempts to access computer systems belonging to US healthcare organisations, including SSM Health Care Corporation and Sutter Health, though he denies those charges as well.
Their trial is scheduled to begin on 8 June and is expected to last between four and six weeks.
How Big Was the TfL Hack Compared With Other UK Cyberattacks?
Cyberattacks affecting millions of people have become more visible in the UK over the past decade, particularly as businesses and public bodies store large amounts of customer data online.
However, the scale of the TfL hack places it among the largest breaches involving a public organisation in Britain.
| Cyberattack | Year | Estimated People Affected |
|---|---|---|
| TfL Hack | 2024 | ~10 million |
| Co-op Cyberattack | 2025 | ~6.5 million |
| British Airways Data Breach | 2018 | ~500,000 |
Experts caution that the true scale of cyberattacks is often difficult to measure because organisations are not always legally required to publish the full number of affected customers.
Was TfL Found Responsible for the Data Breach?
The Information Commissioner’s Office (ICO), the UK’s data protection watchdog, investigated the breach after it became public.
Following its review, the regulator cleared Transport for London of wrongdoing, concluding that the organisation had taken appropriate action once the incident was identified.
TfL said it had kept customers informed and implemented additional safeguards to prevent similar attacks in the future.
A spokesperson said the organisation would continue strengthening cybersecurity measures across its systems while monitoring for any further threats.
Why the TfL Hack Matters for the UK Public?
The scale of the attack highlights how cybercrime is increasingly targeting organisations that hold large databases of personal information.
Even when services such as trains and buses continue operating, the theft of customer data can still create serious risks. Criminal groups often use stolen information to attempt phishing scams, identity fraud, or targeted online attacks.
For UK consumers, cybersecurity experts generally recommend staying alert for suspicious emails or messages that appear to come from organisations such as banks, transport services, or delivery companies.
The TfL breach also raises broader questions about how public organisations protect data and whether stronger cyber defences may be needed across critical national infrastructure.
