The UK National Crime Agency has arrested and detained a suspect – a 17-year-old male in Walsall (West Midlands) – on suspicion of Computer Misuse Act offences in relation to the Transport for London (TfL) cyberattack, the agency has announced today.
Also today, TfL has provided some insight into what their investigation has discovered, namely, that the attack was fist noticed on September 1 (Sunday), and that some customer data has been accessed – though they don’t mention whether it has also been exfiltrated.
The situation is evolving, but so far they know that some of the following data has or may have been accessed:
- Some customer names and contact details, including email addresses and home addresses (where provided)
- Some Oyster card refund data, which could include bank account numbers and sort codes for around 5,000 customers.
The company has promised to contact affected individuals directly to offer support and guidance.
In the meantime, the various services that have been unavailable for the past week or more – Live Tube arrival information on some digital channels, applications for new Oyster photocards, the Dial-a-Ride service, etc. – will continue to be so.
“Many of our staff have limited access to systems and, as a result, there will be some delays responding to any online enquiries,” the transport provider says.
“We’re also undertaking an all-staff IT identity check. Although we don’t expect any significant impact to customer journeys as we carry out this process, temporary and limited disruption is possible to some services. Please check before you travel.”
The teenager, who was arrested on September 5, has since been questioned by NCA officers and bailed.