London24NEWS

Teenage boy, 17, arrested after TfL prospects’ information hacked

A 17-year-old boy has been arrested in Walsall in relation to a cyber attack affecting Transport for London (TfL) which is ongoing, the National Crime Agency (NCA) has confirmed. 

The teenager was arrested on 5 September on suspicion of Computer Misuse Act offences in relation to the attack, questioned by officers and bailed, the NCA said in a statement.

TfL said today that some customer data, including names, addresses, emails and bank details, had been accessed in a continuing cyber attack.

The NCA is leading an investigation into the incident, which was first identified on September 1, and working closely with the National Cyber Security Centre and TfL.

Some Oyster card refund data, which could include bank account and sort code details, may also have been accessed in the cyber attack.

It is thought up to 5,000 customers could be impacted in this way. 

A 17-year-old boy has been arrested in Walsall in relation to an ongoing investigation into a cyber attack affecting Transport for London (TfL), the National Crime Agency has confirmed

A 17-year-old boy has been arrested in Walsall in relation to an ongoing investigation into a cyber attack affecting Transport for London (TfL), the National Crime Agency has confirmed

TfL said it would be directly contacting any customers who have been affected. 

Shashi Verma, TfL’s Chief Technology Officer, said: ‘The security of our systems and customer data is very important to us. 

‘We continually monitor who is accessing our systems to ensure only those authorised can gain access. 

‘We identified some suspicious activity on Sunday September 1 and took action to limit access. 

‘A thorough investigation continues alongside the National Crime Agency and the National Cyber Security Centre.

‘Although there has been very little impact on our customer so far, the situation continues to evolve and our investigations have identified that certain customer data has been accessed. 

‘This includes some customer names and contact details (including email addresses and home addresses where provided).

‘Some Oyster card refund data may also have been accessed. 

‘This could include bank account numbers and sort codes for a limited number of customers. 

‘As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take.’

TfL added that ‘we are doing all we can to protect our services and secure our systems and data’ and has taken ‘proactive measures’ as a result.

These include:

  • Live Tube arrival information not being available on some digital channels, including TfL Go and the TfL website; in-station and journey planning information is however still available
  • Applications for new Oyster photocards, including Zip cards, have been temporarily suspended. Customers wanting to replace a lost photocard are advised to call 0343 222 1234 and select option 1 (charges may apply). Customers should continue making journeys as usual and keep a record of any fares paid. 
  • If using a contactless payment card, customers will not be able to access their online journey history