Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Transport for London

Transport for London Vendor Cyber Rating & Cyber Score

tfl.gov.uk

Every day, we help millions of people to make journeys across London: By Tube, bus, tram, car, bike – and more. People don’t associate us with journeys by river, on foot or via the air, but we help with that, too. Getting people to where they need to go has been our business for over 100 years, and it shows. We’re leaders in our field, and no other city’s transport system is quite as recognisable: Red buses, black taxis, Tube trains and roundels have become icons in their own right. Our main job is to keep the city moving, working and growing but to do that, we have to listen. Constant improvements across the network are fuelled by feedback and comments from customers, as well as work within communities, representative groups, businesses


TL A.I CyberSecurity Scoring

TL
Company Information
Website:http://www.tfl.gov.uk/about
Employees number:18,421
Number of followers:0
NAICS:8135
Industry Type:Non-profit Organizations
Homepage:tfl.gov.uk
TL Risk Score (AI oriented)
Between 750 and 799
logo
TLNon-profit Organizations
Updated:
04/04/2026
795/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
TL Global Score (TPRM)
xxxx
logo
TLNon-profit Organizations
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

TL
TLFair
Current Score
795Baa (FAIR)
01000
5 incidents
-22.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
799Before Incident
JUNE 2026
798Before Incident
MAY 2026
797Before Incident
APRIL 2026
796Before Incident
MARCH 2026
795Before Incident
FEBRUARY 2026
793Before Incident
JANUARY 2026
793Before Incident
DECEMBER 2025
595Before Incident
NOVEMBER 2025
620Before Incident
Cyber Attack
21 Nov 2025TL
Transport for London (TfL)

Cyber Attack on Transport for London (TfL) and Oracle Corporation Breach by Clop Ransomware

591After Incident
CRITICAL-29
TRA5292652112125
The cyber attack on Transport for London (TfL), executed by the teenage hacker collective Scattered Spider, caused $53 million in damages and three months of operational downtime. The breach led to the potential compromise of sensitive data, including employee names, emails, home addresses, and some customer data. The attack severely disrupted TfL’s transport services, highlighting vulnerabilities in critical infrastructure. Two defendants—Thalha Jubair (19) and Owen Flowers (18)—pleaded not guilty, with the trial scheduled for June 2026. The incident underscores the rising threat of cyber attacks on public services, with far-reaching financial and reputational consequences.
INCIDENT DETAILS -
TYPE
Unauthorized Access / Disruption (TfL)Ransomware / Data Breach (Oracle)
MOTIVATION
Unclear (potentially disruption or data theft for TfL)Financial gain / extortion (Oracle)
IMPACT
$53 million (TfL)Employee names, emails, home addresses; some TfL customer data (TfL)Potentially extensive corporate and client information (Oracle)TfL’s transport service operations (TfL)Oracle’s E-Business Suite Servers (Oracle)Nearly three months (TfL)Significant disruptions to TfL’s operations (TfL)Ongoing investigation; potential risks to Oracle cloud service clients (Oracle)Likely negative (TfL and Oracle)Ongoing trial for two teenagers (TfL)Potential (TfL employee and customer data)
DATA BREACH
Personal details (employee names, emails, home addresses); some customer data (TfL)Corporate and client information (Oracle)High (personal and employee data for TfL)High (corporate and client data for Oracle)Yes (data released on the dark web by Clop)Yes (TfL)
OCTOBER 2025
633Before Incident
Cyber Attack
24 Oct 2025TL
Transport for London (TfL)

Cyber Attack on Transport for London (TfL)

617After Incident
HIGH-16
TRA4592245102425
In a targeted cyber attack on Transport for London (TfL), two teenagers—Thalha Jubair (19) and Owen Flowers (18)—were charged under the Computer Misuse Act for orchestrating unauthorized acts that disrupted critical services. The attack, which unfolded over three months, severely impacted TfL’s operational infrastructure. Key disruptions included: - Real-time Tube information becoming unreliable or inaccessible, causing commuter confusion and delays. - Online journey history being compromised, affecting user records and travel data integrity. - Payment systems on the Oyster app experiencing outages, hindering fare processing and potentially leading to financial inconvenience for passengers. The prolonged disruption underscored vulnerabilities in TfL’s digital infrastructure, raising concerns about the resilience of public transport cybersecurity. While no evidence suggests data theft or ransomware demands, the attack’s operational and financial repercussions—including reputational damage and service degradation—highlighted the broader risks posed by cyber threats to essential urban services. The case remains under legal proceedings, with a trial scheduled for June 2026.
INCIDENT DETAILS -
TYPE
cyber attackunauthorised accessdisruption
IMPACT
live Tube informationonline journey historypayments on the Oyster appDowntime: 3 monthsOperational Impact: disruption to services including real-time updates and payment processingcharges under the Computer Misuse Act
SEPTEMBER 2025
631Before Incident
AUGUST 2025
627Before Incident
SEPTEMBER 2024
757Before Incident
Ransomware
01 Sep 2024TL
Transport for London (TfL)

WazirX Cryptocurrency Exchange Resumes Trading After $235M Hack

583After Incident
CRITICAL-174
TRA0662706102725
Transport for London (TfL) suffered a ransomware attack in early September 2024, resulting in financial losses of £39 million. The attack was attributed to the Scattered Spider hacking group, with two teenagers (aged 18 and 19) arraigned in court for their involvement. The incident disrupted operations and led to significant recovery costs, including legal, forensic, and system restoration expenses. The trial is scheduled for June 2025, highlighting the growing threat of ransomware against critical public infrastructure. The attack underscores the vulnerability of transportation networks to cyber extortion, with broader implications for urban mobility and public trust in digital systems.
INCIDENT DETAILS -
TYPE
Cyber TheftCryptocurrency Hack
MOTIVATION
Financial Gain
IMPACT
Financial Loss: $235 million (stolen assets)Cryptocurrency Exchange PlatformDowntime: 15 months (trading suspension)Operational Impact: Complete halt of trading operations; restructuring required for relaunchBrand Reputation Impact: High (prolonged downtime and significant financial loss)
AUGUST 2024
775Before Incident
Cyber Attack
01 Aug 2024TL
Transport for London (TfL)

Scattered Spider Cybercrime Group Members Charged in High-Profile Attacks on US Courts, Critical Infrastructure, and Transport for London (TfL)

757After Incident
CRITICAL-18
TRA2285022110725
In August 2024, Transport for London (TfL) suffered a cyber-attack orchestrated by suspected members of the Scattered Spider group, specifically Thalha Jubair (19) and Owen Flowers (18), who were later charged under the UK’s Computer Misuse Act. The breach compromised sensitive personal data of ~5,000 customers, including Oyster refund records with bank account numbers and sort codes. The attack disrupted TfL’s operations, incurring £30m (~$40.6m) in total costs, with £5m (~$6.7m) spent on external recovery efforts. The incident targeted critical national infrastructure, highlighting the group’s focus on high-impact extortion. Jubair alone was linked to 120+ network intrusions and $115m in ransom payments across 47 US entities, with cryptocurrency transfers (e.g., $8.4m moved during law enforcement seizures) suggesting sophisticated financial exploitation. The attack underscored the growing threat of UK-based cybercriminal syndicates leveraging social engineering to infiltrate systems, extort victims, and evade detection through minimal digital trails.
INCIDENT DETAILS -
TYPE
cybercrimeransomwaredata breachsocial engineeringextortion
MOTIVATION
financial gainextortion
IMPACT
Total: $115M+ (ransom payments)Tfl Incident: £30M ($40.6M)External Support Cost: £5M ($6.7M)Tfl Customers: 5,000 recordsOyster refund databank account numberssort codesUS court systemsUS critical infrastructure firmTransport for London (TfL)SSM Health Care CorporationSutter Healthsignificant disruption to TfL (UK critical national infrastructure)recovery efforts requiring external supportpotential reputational damage to TfL, US courts, and healthcare providerscharges under Computer Misuse Act (UK)conspiracy to commit computer fraud, wire fraud, and money laundering (US)RIPA charges for failing to disclose device passwords (UK)high (bank account details exposed)high (bank account numbers and sort codes compromised)
DATA BREACH
personally identifiable information (PII)financial data (bank account numbers, sort codes)Oyster refund dataNumber Of Records Exposed: 5,000 (TfL customers)Sensitivity Of Data: high
JUNE 2023
794Before Incident
Cyber Attack
16 Jun 2023TL
Transport for London (TfL)

Cyberattack on Transport for London (TfL) by Scattered Spider Hacking Collective

770After Incident
CRITICAL-24
TRA2592425091825
In August 2024, Transport for London (TfL) suffered a cyberattack attributed to the Scattered Spider hacking collective, involving two arrested teenagers (18-year-old Owen Flowers and 19-year-old Thalha Jubair). Initially, TfL claimed no customer data was compromised, but later confirmed the breach included names, contact details, and addresses of customers. The attack disrupted internal systems, online services, and refund processing, causing millions in financial losses and operational disruptions. TfL, a critical infrastructure provider serving 8.4 million Londoners, had previously faced a 2023 Clop ransomware attack via a third-party MOVEit server, exposing data of 13,000+ customers. The 2024 incident was part of a broader campaign by Scattered Spider, which also targeted U.S. healthcare providers (SSM Health, Sutter Health) and extorted $115M+ globally from 47+ U.S. organizations. While the attack did not halt transport services, it compromised customer PII and crippled administrative functions, aligning with patterns of financially motivated cybercrime with reputational and operational fallout. The NCA linked the group to 120+ breaches worldwide, highlighting its role in large-scale extortion and fraud.
INCIDENT DETAILS -
TYPE
CyberattackData BreachDisruption of ServicesRansomware (alleged)Extortion
MOTIVATION
Financial GainExtortionDisruption
IMPACT
Financial Loss: Millions (exact amount undisclosed)Customer namesContact detailsAddressesInternal systemsOnline servicesRefund processing systemsDisruption of internal operationsInability to process refundsNo impact on transportation servicesBrand Reputation Impact: High (critical national infrastructure targeted)Computer misuse charges (UK)Fraud-related charges (UK)Conspiracy to commit computer fraud, money laundering, and wire fraud (U.S.)Identity Theft Risk: Moderate (PII compromised)
DATA BREACH
Personally Identifiable Information (PII)Sensitivity Of Data: Moderate (names, contact details, addresses)Data Exfiltration: Yes (initially denied, later confirmed)Personally Identifiable Information: Yes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for TL ?
?
What was TL's A.I Rankiteo Cyber Score in June 2026 ?
?
What was TL's A.I Rankiteo Cyber Score in May 2026 ?
?
What was TL's A.I Rankiteo Cyber Score in April 2026 ?
?
What was TL's A.I Rankiteo Cyber Score in March 2026 ?
?
What was TL's A.I Rankiteo Cyber Score in February 2026 ?
?
What was TL's A.I Rankiteo Cyber Score in January 2026 ?
?
What was TL's A.I Rankiteo Cyber Score in December 2025 ?
?
What was TL's A.I Rankiteo Cyber Score in November 2025 ?
?
What was TL's A.I Rankiteo Cyber Score in October 2025 ?
?
What was TL's A.I Rankiteo Cyber Score in September 2025 ?
?
What was TL's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on TL's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with TL ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view TL's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?