Overview
- BBC reporting, based on a copy of the data, indicates attackers accessed records for roughly 10 million people, drawn from about 15 million lines that included duplicates.
- TfL said it emailed 7,113,429 customers tied to accounts in the compromised dataset and recorded an open rate of 58 percent.
- Around 5,000 customers were prioritized for support because Oyster refund records may have included bank account numbers and sort codes.
- The intrusion between late August and early September 2024 disrupted online portals and third‑party data feeds, though transport services continued to operate.
- Authorities linked the case to the Scattered Spider group; two suspects have been charged and await a June trial, and the ICO took no enforcement action after reviewing TfL’s response.