TFL with a lot of password resets
It took a while for this to hit a news site. I don’t like posting things if I can’t link to something.
User Access Management (Starters/Leavers) and Privileged Access Management - most see it as an admin chore. Sure there are tools to help with it, but there are also tools for data classification…
This may seem embarrassing. You need your 30,000 employees to turn up in person, with ID and their devices to get their credentials reset.
If you had to securely reset your employees credentials after a breach, are the options detailed in your recovery plan? This seems to be Scattered Spider targeting Service Desks with social engineering*. You have to be sure you’re clean and secure. So it may seem embarrassing and slow, but it’s probably the absolutely correct approach.
Lessons would be learned. Would love to read about the investigation and recovery for this when it’s done. Transparency helps.
*Good catch in the article. 17yr old from Walsall. Same 17yr old from Walsall released on bail in July for the MGM attack? Tsk