| Updated:
Transport for London (TfL) has revealed customer’s personal data, including names, home addresses and possibly bank details have been stolen as part of a major cyber attack first identified in September.
The NCA also confirmed on Wednesday a 17-year-old male had been arrested in connection with the incident.
“Although there has been very little impact on our customer so far, the situation continues to evolve and our investigations have identified that certain customer data has been accessed,” Shashi Verma, TfL’s chief technology officer, said.
“This includes some customer names and contact details (including email addresses and home addresses).”
Verma added that some Oyster card refund data “may also have been accessed,” including bank account numbers and sort codes for around 5,000 customers. “As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take.”
London’s transport operator had previously said there was no evidence of such data being accessed, but revised its statement on Wednesday afternoon.
Suspicious activity was first identified on Sunday 1 September and has since prompted investigations from the National Crime Agency and the National Cyber Security Centre, which are ongoing.
“We have notified the Information Commissioner’s Office and are working at pace with our partners to progress the investigation. We will provide further updates as soon as possible,” Verma said.
TfL said it did not expect any “significant impact to customer journeys” as it puts in place a series of additional measures to bump up security. However, it means a planned September 22 roll-out of contactless pay as you go at some 47 stations outside of London will be pushed back.
Responding to the announcement, Lisa Barber, consumer champion Which?’s tech editor, said: “Transport for London customers will understandably be worried that their data has fallen into the hands of hackers who might try to exploit it, so it is vital that TfL provides clear and timely updates to victims and supports them in taking steps to protect themselves.
“Anyone concerned they could be affected should keep a close eye on bank accounts and credit reports for suspicious activity. Also be wary of unexpected phone calls, emails or fake ‘customer support’ messages popping up on social media regarding the breach, as scammers might try to take advantage of this cyber attack.”