Transport for London (TfL) has reported a cyber attack that may have compromised customer bank details.
- The incident occurred on 1 September, leading to an investigation by TfL and the National Crime Agency.
- A 17-year-old has been arrested in connection with the attack, suspected of Computer Misuse Act offences.
- TfL assures minimal impact on services but warns of possible data compromise, including bank details.
- Additional security measures have been instituted to prevent further breaches and protect customer data.
On 1 September, Transport for London (TfL) experienced a significant cyber attack, potentially compromising customer bank details. The agency has now confirmed that customer data such as names, contact details, bank account numbers, and sort codes might have been accessed. Initially, TfL indicated no evidence of data compromise, but further investigations necessitated alerting the Information Commissioner’s Office.
The National Crime Agency, in collaboration with the National Cyber Security Centre, is spearheading the investigation, which led to the arrest of a 17-year-old suspect in Walsall on 5 September. This individual is suspected of offences under the Computer Misuse Act and has been released on bail. Investigations continue to uncover the full scope of the attack and its implications for affected customers.
Shashi Verma, TfL’s chief technology officer, reported, “We identified some suspicious activity on Sunday 1 September and took action to limit access.” Despite the proactive measures, access to customer data, including Oyster card refund data possibly containing bank details, was confirmed. Verma assured that affected customers will be directly contacted and supported by TfL.
As a precaution, TfL has bolstered its internal security protocols, including implementing a comprehensive IT identity check for all staff. Although customer journeys remain largely unaffected, TfL acknowledges minor disruptions may occur as part of the ongoing response to the cyber attack.
This incident adds TfL to the increasing list of public bodies targeted by cyber breaches, highlighting vulnerabilities in digital infrastructures. Similar incidents have affected NHS England and the UK Ministry of Defence, underscoring the pressing necessity for heightened cyber security measures across sectors.
TfL remains committed to safeguarding customer data amid ongoing investigations, promising continued updates as circumstances evolve.
