Teenage hacker arrested over TfL hack — as thousands of customer bank details confirmed stolen

(Image credit: Transport for London)

The effects of the Transport for London (TfL) cyberattack continue to rumble on, with news of thousands of customer banking details confirmed to have been accessed, and a potential culprit arrested by police.

On Sunday September 1, Transport for London (TfL) detected suspicious activity within its systems, sending an email alert to TfL accounts stating that it was "currently dealing with an ongoing cyber security incident."

Now, a second email, sent on September 12, stated TfL's "investigations have identified that certain customer data has been accessed," such as Oyster card refund data which could include "bank account numbers and sort codes for a limited number of customers (around 5,000)."

TfL customer data accessed

New applications for Oyster photocards and Zip cards have been temporarily suspended as a result of the cyberattack, with some Live Tube arrival information remaining unavailable.

According to TfL, additional data including "some customer names and contact details, including email addresses and home addresses" were accessed during the attack.

TfL’s chief technology officer Shashi Verma said (via BBC), "As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take," adding, "We continually monitor who is accessing our systems to ensure only those authorised can gain access."

"We will continue to keep our customers and our staff updated. I would like to apologise for the inconvenience this incident may cause customers and I thank everyone for their patience as we respond to this incident," he concluded.

The company is still working with the National Crime Agency and the National Cyber Security Centre to conduct an investigation into the attack. TfL also said in it's email that it will be doing an "all-staff IT identity check."

The National Crime Agency has also said on September 5, a 17 year old boy was arrested in connection with the cyberattack in Walsall, West Midlands, and questioned on suspicion of Computer Misuse Act offences. He has since been bailed following the questioning.

"Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems," noted Paul Foster, head of the NCA's National Cyber Crime Unit.

"We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible."

"The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing."

More from TechRadar Pro

Take a look at some of the best firewalls
Business are being hit with thousands of new cyber threats every second
These are the best malware removal tools

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.