An arrest has been made in connection with the cyberattack on London’s transport network, with operator Transport for London (TfL) confirming some customer data has been accessed.
TfL, which manages the city’s buses, Crossrail, and underground train network, identified a breach on September 1, though at the time said no customer data was compromised.
In an update, TfL confirmed some Oyster card refund data may have been accessed, including the bank account numbers and sort codes for around 5,000 customers.
Subscribe today for free
“If you are affected, we will contact you directly as soon as possible as a precautionary measure, and will offer you support and guidance,” TfL said in a statement.
“We are doing all we can to protect our services and secure our systems and data.”
In the wake of the attack, live tube information was unavailable for travellers using apps like TfL and Citymapper.
TfL has since temporarily suspended applications for new Oyster photo cards. The operator is also unable to issue refunds for incomplete pay-as-you-go journeys made using contactless cards.
Staff are also being subject to an IT identity check as TfL’s investigation continues.
In addition to finding customer details had been compromised, the National Crime Agency (NCA) confirmed a 17-year-old man from Walsall had been arrested on suspicion of Computer Misuse Act offences concerning the attack.
The man was arrested on September 5 and was questioned by NCA officers before being released on bail.
“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems,” said Paul Foster, deputy director of the NCA and head of the agency’s National Cyber Crime Unit.
“The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued cooperation with our investigation, which remains ongoing.”
RELATED STORIES
London transport network hit by cyberattack
Data centres gain protected status in UK as ‘Critical National Infrastructure’
Business groups urge Ofcom for extended broadband outage compensation