Transport for London (TfL) has disclosed that a breach in its systems has led to the exposure of certain customer data due to a cyber-attack. The breach, uncovered recently, has resulted in the unauthorized access of Oyster refund data, which includes sensitive information such as bank account numbers and sort codes pertaining to approximately 5000 customers.
In an update provided on September 12, TfL acknowledged that the attackers had also managed to obtain additional personal details of select customers. This compromised information comprises names, email addresses, and home addresses. As a precautionary measure, TfL has pledged to contact the affected customers promptly.
Furthermore, the government-operated transportation organization, which oversees a significant portion of London’s transport network, has initiated a comprehensive IT identity verification process for all staff members in response to the breach.
TfL assured the public that despite the ongoing investigation and security measures being implemented, there is no anticipation of major disruptions to customer journeys. However, temporary and minor disruptions to certain services may occur, prompting TfL to recommend passengers to check for updates before traveling.
Collaborating closely with the UK’s National Crime Agency (NCA) and National Cyber Security Centre (NCSC), TfL continues to delve into the cyber-attack incident that compelled the organization to temporarily halt some of its services on September 2. This temporary suspension included the discontinuation of Oyster photocards and Zip cards applications, as well as the unavailability of live Tube arrival information on the TfL Go app and website.
Moreover, the partial restriction of access to systems for many TfL staff members has resulted in delays in handling online queries. Nonetheless, the overall functioning of transport services across the city has not been adversely affected by the cyber security breach.
In a significant development, the NCA confirmed the arrest of a 17-year-old male in Walsall, West Midlands, on suspicion of offenses under the Computer Misuse Act related to the TfL cyber-attack. The suspect was apprehended on September 5, interrogated by NCA officials, and subsequently released on bail.
Deputy Director Paul Foster, who heads the NCA’s National Cyber Crime Unit, emphasized the unit’s swift response in providing support to TfL post-attack and in identifying the culprits involved. Foster underscored the disruptive nature of attacks on essential public infrastructure like TfL’s network, highlighting the potential severe ramifications for local communities and national systems.
The collaborative efforts between TfL and the NCA remain ongoing as they work hand in hand to address the implications of the cyber-attack and bolster the organization’s cybersecurity framework against future threats.