17-year-old arrested after cyberattack on TfL after it emerged that customers’ bank details had been hacked

September 12, 2024, 2:44 p.m. | Updated: September 12, 2024, 2:50 p.m.

A 17-year-old boy was arrested following a cybersecurity attack on TFL that resulted in the loss of customer data.

The names and contact details, including email and home addresses, as well as bank account numbers, were obtained from around 5,000 customers.

TFL said they became aware of the suspicious activity on September 1 and were working with the National Crime Agency (NCA) to resolve the issue.

However, there has been “very little impact” for customers so far, the transport service provider said.

They added that affected customers would be assisted and that safety measures would be put in place to delay the introduction of contactless ticketing at 47 stations outside London.

On Thursday afternoon, the NCA confirmed that the 17-year-old boy from Walsall had been arrested on suspicion of breaching the Computer Misuse Act in connection with the attack.

The teenager, arrested on September 5, was questioned by NCA officers and released on bail.

Deputy Director Paul Foster, Head of the NCA’s National Cyber ​​Crime Unit, said: “We have been working hard to support Transport for London following a cyber-attack on their network and to identify the criminals responsible.

“Attacks of this kind on public infrastructure can cause enormous disruption and have serious consequences for local communities and national systems.

Read more: Wife of disgraced entertainer Rolf Harris dies at the age of 93, one year after the death of her paedophile husband

Read more: Moment when the “Co-op Superwoman” store clerk steps in to stop a “shoplifter” as he runs out of the store

“TfL’s rapid response following the incident enabled us to act swiftly and we are grateful for their continued co-operation in our investigation, which is ongoing.

“The NCA leads the UK’s response to cybercrime. We work closely with partners to protect the public by ensuring cybercriminals cannot operate with impunity, whether that’s by bringing them to justice or through other disruptive and preventative measures.”

A TFL spokesperson previously said: “While there has been very little impact on our customers to date, the situation is evolving and our investigations have revealed that certain customer data has been accessed.”

“This includes some customer names and contact details, including email addresses and home addresses where provided.”

“Some Oyster card refund data may have been accessed.

“If you are affected, we will contact you directly as soon as possible as a precautionary measure and offer you support and advice. We are doing everything we can to protect our services and secure our systems and data.

“This could include account numbers and bank codes for a limited number of customers (around 5,000).”

Shashi Verma, TfL’s Chief Technology Officer, said:

“The security of our systems and customer data is very important to us. We continuously monitor who accesses our systems to ensure only authorised people have access. On Sunday 1 September we identified suspicious activity and took action to restrict access. Thorough investigations continue in conjunction with the National Crime Agency and the National Cyber ​​Security Centre.

“While there has been very little impact on our customer to date, the situation is evolving and our investigations have revealed that certain customer data has been accessed. This includes some customer names and contact details (including email addresses and home addresses where provided).

“Some Oyster card refund data may also have been accessed. This could include bank account numbers and sort codes for a limited number of customers. As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can offer and the steps they can take.

“We have notified the Information Commissioner’s Office and are working hard with our partners to progress the investigation. We will provide further updates as soon as possible.”

“In addition, as part of the measures we took to deal with the cyber incident, we have today taken additional measures to improve our security. This includes an IT identity check of all employees. During this planned process, we ensured that all security-critical systems and processes were maintained.

“We do not expect any significant impact on customer journeys whilst we undertake this process. However, there may be temporary and limited disruption to some services, so as always, please check before you travel.”

“Due to the safety measures we have put in place, we are currently unable to make the necessary system changes to enable 47 additional stations outside London to benefit from contactless prepaid ticketing as planned on 22 September. We are working with the Department for Transport and Rail Delivery Group to reschedule and apologise for the delay.

“We will continue to keep our customers and staff updated. I would like to apologize for any inconvenience this incident may cause customers and I thank everyone for their patience while we respond to this incident.”