TfL reveals bank data on 5,000 customers exposed in cyber attack, arrest made following incident

Commuter standing on a train at a London underground tube station, which is run by Transport for London (TfL).
(Image credit: Getty Images)

Transport for London (TfL) has revealed new details on the recent cyber attack that disrupted systems, confirming that some customer data might have been accessed during the incident. 

In an update to its advisory on the incident, the operator warned that Oyster card refund data may have been accessed. This could also include customer bank details, such as account numbers and sort codes for a “limited number” of commuters.

The operator said this could be as high as 5,000 customers.

Similarly, employee passwords are believed to have been compromised during the incident and the organization will conduct IT identity checks on all staff. 

The National Crime Agency (NCA) has also confirmed today (12th September) that an arrest has been made in the wake of the cyber attack.

A 17 year old male was arrested in Walsall last week as part of the investigation into the incident. Authorities said the individual was detained on suspicion of Computer Misuse Act offences.

Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said the agency has been “working at pace” to support TfL in the aftermath and to identify those responsible.

“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems,” Foster said.

“The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing.“

What happened in the TfL cyber attack?

TfL first revealed it was contending with a cyber incident on 1 September. The attack, which affected backroom systems at its headquarters, prompted TfL to ask staff to work from home. 

RELATED WHITEPAPER

The organization, which operates most of the transport network in London, including buses and tube trains, said services were not impacted by the incident. 

In its most recent update, however, the operator revealed that "many" staff still have limited access to systems. As a result, it advised there will be "some delays" to services. 

IT identity checks may also impact services, TfL warned. 

"Although we don't expect any significant impact to customer journeys as we carry out this process, temporary and limited disruption is possible to some services. Please check before you travel."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.