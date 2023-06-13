TfL warns 13,000 staff that it was raided by Russian hackers

London underground sign - Nick Ansell/PA Wire

Half of all Transport for London (TfL) staff have been warned that their data has been stolen by Russian hackers who targeted British Airways and the BBC.

A cybercrime gang called Clop targeted the capital’s train and bus operator last week as part of a wider attack that saw hundreds of thousands of Britons’ personal information stolen.

British Airways warned all of its 34,000 staff that their details had been stolen, while the BBC told all of its staff they were caught up in a “significant global issue”.

UK authorities are on high alert to see if any of the compromised data, which includes bank details, National Insurance numbers and addresses, is sold on the dark web as the gang’s ransom deadline approaches tomorrow.

A TfL spokesman confirmed the transport authority is writing to 13,000 of its workers, saying: “Like other companies in the UK, one of our contractors recently suffered a data breach. The issue has been fixed and the IT systems have been secured.”

No banking details belonging to TfL employees were stolen, however, and the Information Commissioner’s Office (ICO) has been informed.

Government statistics say cyber attacks affected 40pc of all UK businesses last year, costing them an average of £19,400.

The cost of a data breach starts at around £11,000 for small businesses, according to insurer Hiscox, ranging up to millions of pounds in ransom payouts and cleanup costs for larger organisations.

GCHQ’s security arm, the National Cyber Security Centre, has been contacting affected British companies to ensure they secure their servers against hackers, industry sources said.

Some said the official warning came early enough for them to close a loophole exploited by the Russians.

TfL’s warning to staff comes after Ofcom admitted on Monday it was also a target of the Russian gang, known as Clop.

Around 400 of Ofcom’s 1,200 staff had their payroll information stolen, while “confidential” data on regulated companies was also accessed by the hackers, the regulator said.

Clop is a prolific cyber gang whose members have been involved in cyber crime for around a decade, according to experts at cyber security company Secureworks.

In previous attacks the Russia-based gang, which uses the dark web to extort its victims, has targeted global companies including Hitachi, the Federal Reserve Bank of New Zealand, US-based Community Health Systems, and Swiss pharmaceutical giant Galderma.

Clop targeted a payroll management company called Zellis at the end of May, stealing data from eight of its UK customers including British Airways, the BBC, Aer Lingus and Boots.

Hackers targeted a vulnerability in MOVEit, data management software used by Zellis. A list of affected companies has been circulated on social media.

A Zellis spokesman said last week that it had notified the ICO and the National Cyber Security Centre, as well as Ireland’s Data Protection Commission.

Hacked companies can be fined up to 4pc of annual turnover under data protection laws, meaning Zellis faces a potential penalty of £7m.

Hedge fund giant Man Group, which is named in one list of MOVEit users seen by The Telegraph, declined to comment.

Other organisations, including Ofcom, were directly targeted by the Clop gang separately from the Zellis breach.

A ransom deadline imposed by Clop expires tomorrow. In a note posted to the dark web the gang urged hacked companies to contact them to negotiate a ransom.

Failure to pay the ransom – typically costing millions or tens of millions of pounds – would usually trigger the hackers to post sensitive stolen data on the dark web.

Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month, then enjoy 1 year for just $9 with our US-exclusive offer.