A 17-year-old boy has been arrested in connection with the cyber security incident affecting Transport for London (TfL), the National Crime Agency (NCA) said.
TfL initially stated that there was no evidence customer data was accessed, but has since confirmed that some data, including customer names, contact details, email addresses, and home addresses, has been accessed. TfL also warned that some Oyster card refund data may have been accessed, including bank account numbers and sort codes for around 5,000 customers.
The NCA said the teenager was arrested in Walsall, West Midlands, on 5 September, after the cyber attack began four days earlier. The teenager was arrested on suspicion of Computer Misuse Act offences and has since been bailed.
The NCA said it was working with TfL and the National Cyber Security Centre (NCSC) to minimise the risk to customers.
Paul Foster, head of the NCA's National Cyber Crime Unit, said: "Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems."
He added: "We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible."
"The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing."
TfL’s chief technology officer Shashi Verma said the customers who had been affected would be contacted directly.
He added that an investigation into the cyber attack was taking place alongside the NCA and the NCSC.
"Although there has been very little impact on our customers so far, the situation continues to evolve and our investigations have identified that certain customer data has been accessed," he said.
"This includes some customer names and contact details, including email addresses and home addresses where provided."
"Some Oyster card refund data may also have been accessed. This could include bank account numbers and sort codes for a limited number of customers."
"As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take."
Mr Verma added that the "security" of its systems and customer data were "very important" to TfL.
"We continually monitor who is accessing our systems to ensure only those authorised can gain access," he said.
"We will continue to keep our customers and our staff updated."
"I would like to apologise for the inconvenience this incident may cause customers and I thank everyone for their patience as we respond to this incident."
The NCSC is urging anyone who thinks they may have been the victim of a data breach to be vigilant about suspicious emails, phone calls or text messages.
Impact of the Cyberattack
The cyber attack has had a significant impact on TfL's operations. Large chunks of the TfL IT infrastructure have been pulled offline, including live tube arrival information, applications for new Oyster photocards, and refunds for incomplete pay-as-you-go journeys made using contactless. Staff have also been affected, with limited access to systems and a requirement for 30,000 employees to reset their passwords in person.
A Wider Trend
The attack on TfL is part of a wider trend of cyberattacks targeting critical infrastructure. In recent years, there have been a number of high-profile attacks on hospitals, schools, and government agencies. These attacks can have a devastating impact on the lives of individuals and communities.
The Need for Enhanced Security
The attack on TfL highlights the need for enhanced cybersecurity measures to protect critical infrastructure. Governments and businesses need to invest in robust security systems and train their staff on how to identify and prevent cyberattacks. This is especially important given the increasing sophistication of cybercriminals.
The Next Steps
The investigation into the cyber attack on TfL is ongoing. The NCA is working with TfL and the NCSC to identify the perpetrators and bring them to justice. The incident also serves as a reminder of the importance of protecting personal data and being vigilant about cyber threats. The authorities are urging anyone who thinks they may have been the victim of a data breach to report it to the NCSC.
The Takeaway
The cyberattack on TfL is a wake-up call for everyone. It shows that no one is immune to cyber threats, and that the consequences of these attacks can be severe. We all need to be more vigilant about protecting our data and taking steps to enhance our cybersecurity.
