TL A.I CyberSecurity Scoring
TL
Company Information
Website:http://www.tfl.gov.uk/about
Employees number:18,421
Number of followers:0
NAICS:8135
Industry Type:Non-profit Organizations
Homepage:tfl.gov.uk
TL Risk Score (AI oriented)
Between 750 and 799
TLNon-profit Organizations
Updated:
04/04/2026
04/04/2026
795/1000
Fair
Baa
TL Global Score (TPRM)
xxxx
TLNon-profit Organizations
Score locked

TLFair
Current Score
795Baa (FAIR)
01000
5 incidents
-22.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
799
JUNE 2026
798
MAY 2026
797
APRIL 2026
796
MARCH 2026
795
FEBRUARY 2026
793
JANUARY 2026
793
DECEMBER 2025
595
NOVEMBER 2025
620
Cyber Attack
21 Nov 2025 • TL
Transport for London (TfL)
Cyber Attack on Transport for London (TfL) and Oracle Corporation Breach by Clop Ransomware
591
CRITICAL-29
TRA5292652112125
The cyber attack on Transport for London (TfL), executed by the teenage hacker collective Scattered Spider, caused $53 million in damages and three months of operational downtime. The breach led to the potential compromise of sensitive data, including employee names, emails, home addresses, and some customer data. The attack severely disrupted TfL’s transport services, highlighting vulnerabilities in critical infrastructure. Two defendants—Thalha Jubair (19) and Owen Flowers (18)—pleaded not guilty, with the trial scheduled for June 2026. The incident underscores the rising threat of cyber attacks on public services, with far-reaching financial and reputational consequences.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2025
633
Cyber Attack
24 Oct 2025 • TL
Transport for London (TfL)
Cyber Attack on Transport for London (TfL)
617
HIGH-16
TRA4592245102425
In a targeted cyber attack on Transport for London (TfL), two teenagers—Thalha Jubair (19) and Owen Flowers (18)—were charged under the Computer Misuse Act for orchestrating unauthorized acts that disrupted critical services. The attack, which unfolded over three months, severely impacted TfL’s operational infrastructure. Key disruptions included: - Real-time Tube information becoming unreliable or inaccessible, causing commuter confusion and delays. - Online journey history being compromised, affecting user records and travel data integrity. - Payment systems on the Oyster app experiencing outages, hindering fare processing and potentially leading to financial inconvenience for passengers. The prolonged disruption underscored vulnerabilities in TfL’s digital infrastructure, raising concerns about the resilience of public transport cybersecurity. While no evidence suggests data theft or ransomware demands, the attack’s operational and financial repercussions—including reputational damage and service degradation—highlighted the broader risks posed by cyber threats to essential urban services. The case remains under legal proceedings, with a trial scheduled for June 2026.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
SEPTEMBER 2025
631
AUGUST 2025
627
SEPTEMBER 2024
757
Ransomware
01 Sep 2024 • TL
Transport for London (TfL)
WazirX Cryptocurrency Exchange Resumes Trading After $235M Hack
583
CRITICAL-174
TRA0662706102725
Transport for London (TfL) suffered a ransomware attack in early September 2024, resulting in financial losses of £39 million. The attack was attributed to the Scattered Spider hacking group, with two teenagers (aged 18 and 19) arraigned in court for their involvement. The incident disrupted operations and led to significant recovery costs, including legal, forensic, and system restoration expenses. The trial is scheduled for June 2025, highlighting the growing threat of ransomware against critical public infrastructure. The attack underscores the vulnerability of transportation networks to cyber extortion, with broader implications for urban mobility and public trust in digital systems.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
AUGUST 2024
775
Cyber Attack
01 Aug 2024 • TL
Transport for London (TfL)
Scattered Spider Cybercrime Group Members Charged in High-Profile Attacks on US Courts, Critical Infrastructure, and Transport for London (TfL)
757
CRITICAL-18
TRA2285022110725
In August 2024, Transport for London (TfL) suffered a cyber-attack orchestrated by suspected members of the Scattered Spider group, specifically Thalha Jubair (19) and Owen Flowers (18), who were later charged under the UK’s Computer Misuse Act. The breach compromised sensitive personal data of ~5,000 customers, including Oyster refund records with bank account numbers and sort codes. The attack disrupted TfL’s operations, incurring £30m (~$40.6m) in total costs, with £5m (~$6.7m) spent on external recovery efforts. The incident targeted critical national infrastructure, highlighting the group’s focus on high-impact extortion. Jubair alone was linked to 120+ network intrusions and $115m in ransom payments across 47 US entities, with cryptocurrency transfers (e.g., $8.4m moved during law enforcement seizures) suggesting sophisticated financial exploitation. The attack underscored the growing threat of UK-based cybercriminal syndicates leveraging social engineering to infiltrate systems, extort victims, and evade detection through minimal digital trails.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2023
794
Cyber Attack
16 Jun 2023 • TL
Transport for London (TfL)
Cyberattack on Transport for London (TfL) by Scattered Spider Hacking Collective
770
CRITICAL-24
TRA2592425091825
In August 2024, Transport for London (TfL) suffered a cyberattack attributed to the Scattered Spider hacking collective, involving two arrested teenagers (18-year-old Owen Flowers and 19-year-old Thalha Jubair). Initially, TfL claimed no customer data was compromised, but later confirmed the breach included names, contact details, and addresses of customers. The attack disrupted internal systems, online services, and refund processing, causing millions in financial losses and operational disruptions. TfL, a critical infrastructure provider serving 8.4 million Londoners, had previously faced a 2023 Clop ransomware attack via a third-party MOVEit server, exposing data of 13,000+ customers. The 2024 incident was part of a broader campaign by Scattered Spider, which also targeted U.S. healthcare providers (SSM Health, Sutter Health) and extorted $115M+ globally from 47+ U.S. organizations. While the attack did not halt transport services, it compromised customer PII and crippled administrative functions, aligning with patterns of financially motivated cybercrime with reputational and operational fallout. The NCA linked the group to 120+ breaches worldwide, highlighting its role in large-scale extortion and fraud.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for TL ??
What was TL's A.I Rankiteo Cyber Score in June 2026 ??
What was TL's A.I Rankiteo Cyber Score in May 2026 ??
What was TL's A.I Rankiteo Cyber Score in April 2026 ??
What was TL's A.I Rankiteo Cyber Score in March 2026 ??
What was TL's A.I Rankiteo Cyber Score in February 2026 ??
What was TL's A.I Rankiteo Cyber Score in January 2026 ??
What was TL's A.I Rankiteo Cyber Score in December 2025 ??
What was TL's A.I Rankiteo Cyber Score in November 2025 ??
What was TL's A.I Rankiteo Cyber Score in October 2025 ??
What was TL's A.I Rankiteo Cyber Score in September 2025 ??
What was TL's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on TL's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with TL ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view TL's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?