Transport for London has suffered a cyberattack that compromised the personal data of 10 million people, the BBC has revealed, marking one of the largest public sector data breaches in recent years.
The attack on Britain's busiest transport network affects millions of Londoners who rely on TfL services daily. Whilst the full scope of compromised data remains unclear, such breaches typically expose names, addresses, journey histories and payment details of passengers.
The massive scale suggests hackers accessed databases covering users across London's Underground, buses, and other TfL services. For many Londoners, this means their daily commuting patterns and personal information may now be in criminal hands.
Cybersecurity experts have long warned that critical infrastructure providers like TfL face increasingly sophisticated attacks. The transport authority joins a growing list of major organisations hit by data breaches, raising fresh questions about digital security investment across the public sector.
Affected passengers now face heightened risks of identity theft and fraud attempts as criminals potentially exploit their stolen information. TfL's handling of the aftermath—including victim support and security improvements—will face intense public scrutiny.
The breach highlights the ongoing cyber warfare targeting Britain's essential services. For TfL, maintaining passenger trust whilst securing one of the world's largest transport networks presents an enormous challenge as commuters demand answers about their compromised data.