17-year-old arrested over TfL cyber attack as it emerges customers’ bank details hacked
12 September 2024, 14:44 | Updated: 12 September 2024, 14:50
A 17-year-old boy has been arrested following a cyber security attack on TFL - which has involved the loss of customer details.
Listen to this article
Loading audio...
Names and contact details, including email and home addresses, as well as bank account numbers, have been accessed for around 5,000 customers.
TFL said they noticed the suspicious activity on September 1 and are working with the National Crime Agency (NCA) to solve the issue.
However, the transport provider said there had been "very little impact" on customers so far.
They added customers who have been affected will be supported - and is introducing security measures which will delay the roll out of contact-less ticketing to 47 stations outside London.
On Thursday afternoon, the NCA confirmed the 17-year-old boy from Walsall was detained on suspicion of Computer Misuse Act offences in relation to the attack.
The teenager, who was arrested on 5 September, was questioned by NCA officers and bailed.
Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible.
“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.
Read more: Wife of disgraced entertainer Rolf Harris dies aged 93 a year after death of paedophile husband
“The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing.
“The NCA leads the UK’s response to cybercrime. We work closely with partners to protect the public by ensuring cyber criminals cannot act with impunity, whether that be by bringing them before the courts or through other disruptive and preventative action.”
A TFL spokesperson previously said: "Although there has been very little impact on our customers so far, the situation is evolving and our investigations have identified that certain customer data has been accessed.
"This includes some customer names and contact details, including email addresses and home addresses where provided.
"Some Oyster card refund data may have been accessed.
"If you are affected, we will contact you directly as soon as possible as a precautionary measure, and will offer you support and guidance.We are doing all we can to protect our services and secure our systems and data.
"This could include bank account numbers and sort codes for a limited number of customers (around 5,000)."
We are continuing to deal with an ongoing cyber security incident.
— TfL (@TfL) September 12, 2024
The security of our systems and customer data is very important to us, and we have taken immediate action to protect our systems.
Read more ↓https://t.co/vL0CtyODdr
Shashi Verma, TfL's Chief Technology Officer, said:
"The security of our systems and customer data is very important to us. We continually monitor who is accessing our systems to ensure only those authorised can gain access. We identified some suspicious activity on Sunday 1 September and took action to limit access. A thorough investigation continues alongside the National Crime Agency and the National Cyber Security Centre.
"Although there has been very little impact on our customer so far, the situation continues to evolve and our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details (including email addresses and home addresses where provided).
"Some Oyster card refund data may also have been accessed. This could include bank account numbers and sort codes for a limited number of customers. As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take.
"We have notified the Information Commissioner's Office and are working at pace with our partners to progress the investigation. We will provide further updates as soon as possible.
“In addition, as part of the measures we have implemented to deal with the cyber incident, we have today put in place additional measures to improve our security. This includes an all-staff IT identity check. Throughout this planned process we have ensured that all safety critical systems and processes have been maintained.
“We do not expect any significant impact to customer journeys as we carry out this process. However, temporary and limited disruption is possible to some services so, as ever, please check before you travel.
“The security measures we are taking mean that it is now not possible for us to deliver the necessary system changes to enable 47 additional stations outside London to benefit from pay as you go with contactless on 22 September as planned. We are working with DfT and the Rail Delivery Group to reschedule and we apologise for the delay.
"We will continue to keep our customers and our staff updated. I would like to apologise for the inconvenience this incident may cause customers and I thank everyone for their patience as we respond to this incident."
