Skip to content

Search the site

TfL5GNews

Transport for London admits customer bank data exposure as "cyber security incident" rolls on

Workers still "have limited access to systems" and an "all-staff IT identity check" is due to take place to shore up security.

TfL operates the tube and other forms of transport across the capital   (Photo: Pau Casals on Unsplash)
TfL operates the tube and other forms of transport across the capital (Photo: Pau Casals on Unsplash)

Thousands of Transport for London (TfL) customers' bank data may have been accessed during an ongoing "cyber security incident" that is continuing to cause technical disruption through the capital's transport network's systems.

Today (September 12), TfL updated its earlier statement about the attack.

"Although there has been very little impact on our customers so far, the situation is evolving and our investigations have identified that certain customer data has been accessed," it wrote. "This includes some customer names and contact details, including email addresses and home addresses where provided.

"Some Oyster card refund data may have been accessed. This could include bank account numbers and sort codes for a limited number of customers (around 5,000)."

"If you are affected, we will contact you directly as soon as possible as a precautionary measure, and will offer you support and guidance."

TfL first identified suspicious activity on Sunday 1 September and "took action to limit access". It is now investigating the incident alongside the National Crime Agency and the National Cyber Security Centre.

"We are doing all we can to protect our services and secure our systems and data," TfL added.

TfL CTO leads response to "ongoing cyber security incident"

It has now launched "proactive measures" which have had several impacts throughout the network.

Live Tube arrival information is currently not available through some digital channels, including TfL Go and the TfL website

Applications for new Oyster photocards, including Zip cards, have been temporarily suspended.

Many members of staff "have limited access to systems" and an "all-staff IT identity check" is due to take place.

As part of the investgation, the National Crime Agency has arrested a teenager Walsall by the National Crime Agency.

A 17-year-old male on September 5 was detained on suspicion of Computer Misuse Act offences.

Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “We have been working at pace to support Transport for London following a cyber attack on their network.

“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.

“The NCA leads the UK’s response to cybercrime. We work closely with partners to protect the public by ensuring cyber criminals cannot act with impunity, whether that be by bringing them before the courts or through other disruptive and preventative action.”

‘Evil’ botnet unleashes ‘record-breaking’ DDoS attack

Latest