13,000 Ulez drivers affected by the MOVEit data breach 


Up to 13,000 drivers are now caught up in the escalating MOVEit data breach. The drivers, who are on the Ulez and Congestion Charge databases, have had their bank details, National Insurance numbers and addresses stolen by Russian hackers.  

The data breach involves a contractor of Transport for London (TfL) and is part of a wider cyberattack carried out by Russian hackers. Over the last week, the Clop cybergang has stolen personal data from hundreds of thousands of people across the UK – and even more globally. 

Other affected organisations include:  

  • Zellis 
  • British Airways 
  • Boots  
  • The BBC 
  • Aer Lingus 
  • Ofcom 
  • Ernst & Young 

This is not a comprehensive list.  

How did the Ulez driver data breach happen?

TfL is writing to all 13,000 affected drivers. Commenting on the breach, a spokesman said: “Like other companies in the UK, one of our contractors recently suffered a data breach. The issue has been fixed and the IT systems have been secured.” 

Clop has threatened to start publishing stolen data from affected companies that did not email them to begin ransom negotiations by Wednesday (14 June 2023). According to the BBC, the “group is well-known for carrying out its threats. As such, the private and confidential stolen driver data may soon be for sale on the dark web.  

We have launched a no-win-no-fee group action claim to help victims of this data breach claim compensation. TfL is writing to all 13,000 affected drivers and if you receive notification of your involvement, please register below.    

In March 2024, our firm changed its name to KP Law. 

Share this article: