TfL says customer bank details may have been compromised in cyber attack as arrest made

Transport for London (TfL) has warned that some of its customers’ personal bank details may have been compromised after a cyber attack which took place earlier this month.

The tube and bus operator said some customer data had been accessed as part of the data breach on 1 September, which includes names and contact details and may also include bank account numbers and sort codes.

TfL had previously said there was “no evidence” customer data had been compromised. But the transport body has now informed the Information Commissioner’s Office of the data breach and is working on an investigation of the incident alongside the National Crime Agency and the National Cyber Security Centre.

It comes after a teenager was arrested in Walsall by the National Crime Agency, as part of its investigation into the incident.

The 17-year-old male was detained on suspicion of Computer Misuse Act offences in relation to the attack, the NCA said. The teenager, who was arrested on 5 September, was questioned by NCA officers and bailed.

Shashi Verma, TfL’s chief technology officer, said: “We identified some suspicious activity on Sunday 1 September and took action to limit access. A thorough investigation continues alongside the National Crime Agency and the National Cyber Security Centre.

“Although there has been very little impact on our customer so far, the situation continues to evolve and our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details (including email addresses and home addresses where provided).

“Some Oyster card refund data may also have been accessed. This could include bank account numbers and sort codes for a limited number of customers. As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take.”

TfL said it had today put in place additional measures to improve its internal security, including a new all-staff IT identity check.

The transport body added it not expect any significant impact to customer journeys as part of its response to the incident, but warned “temporary and limited disruption is possible to some services.”

The incident adds TfL to a growing list of public bodies to have fallen victim to a major cyber attack. In June, NHS England confirmed patient data had been stolen following a hacking attempt, while in May, the UK government reported a hack on military personnel data which accessed a UK Ministry of Defence contractor’s IT system.

Last October, the British Library suffered a huge attack by a group of hackers who demanded a ransom of 20 bitcoin. It is thought the national library could face costs of as much as £7m to repair its systems after the incident. As of September 2024 the outage is still affecting the British Library’s website, online systems and services, as well as some onsite services, according to the most recent update on its site.