Teenager arrested in connection with TfL cyber attack
A 17-year-old male has been arrested in Walsall as part of an ongoing investigation into a cyber security breach at Transport for London (TfL). The arrest relates to offences under the Computer Misuse Act after an attack was launched on 1 September.
TfL has confirmed that customer data, including names, email addresses, and some bank details, may have been accessed. This includes data from approximately 5,000 customers who had applied for Oyster card refunds.
In a statement, TfL assured customers it has taken immediate steps to protect its systems and limit further unauthorised access. It is working closely with the National Crime Agency and National Cyber Security Centre to investigate the breach.
Although there has been minimal disruption to services, some digital functions, such as live Tube arrival information and Oyster photocard applications, are temporarily unavailable. TfL has also implemented staff IT identity checks to safeguard systems.
Customers potentially affected by the breach will be contacted directly by TfL with support and guidance. TfL has apologised for any inconvenience caused, advising passengers to check before travelling as minor disruptions may continue during the investigation.
Paul Foster, Head of the NCA's National Cyber Crime Unit, said: "We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible.
"Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.
"The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing.
"The NCA leads the UK's response to cybercrime. We work closely with partners to protect the public by ensuring cyber criminals cannot act with impunity, whether that be by bringing them before the courts or through other disruptive and preventative action."
Shashi Verma, TfL's Chief Technology Officer, said: “The security of our systems and customer data is very important to us. We continually monitor who is accessing our systems to ensure only those authorised can gain access. We identified some suspicious activity on Sunday and took action to limit access. A thorough investigation is currently taking place and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.
“Internal measures to limit access remain in place and there remains no impact to our public transport services and no evidence that any customer data has been compromised. However, as part of the measures implemented to deal with the ongoing cyber security incident, we have temporarily restricted access to customer journey history for pay as you go contactless customers, as well as limited access to some live travel data via apps, TfL Go and the TfL website, including next train information and the TfL JamCams.
“In addition, we have made the decision to temporarily restrict access to the photocard portal, which allows customers to apply for travel concessions, including the Zip Photocard, 16+ and 18+ Photocard and the 60+ Oyster photocard. We apologise for any inconvenience that these temporary changes will cause to some customers and are working to bring these back online as quickly as possible.
“Earlier this week, the booking system for Dial a Ride was also temporarily unavailable - although pre-existing bookings were still fulfilled - again as a result of the internal measures implemented by us. Essential bookings are now able to be made again by phone and we are looking to return a full call centre service in the coming days.
“We will continue to keep our customers and our staff updated on the incident as part of this ongoing work and thank them for their patience as we respond to this incident.”
