
The UK National Crime Agency announced the arrest of a 17-year-old teenager on Thursday in connection with the ongoing Transport for London cyberattack. TfL's update, also on Thursday, reveals that the attackers definitively accessed customer data.
The September 1st attack caused continuous disruptions for the London transportation system – from TfL employees being told to stay home during the first days of the attack, to the ongoing outage of live Tube information, to current issues with TfL’s contactless payment system.
On September 5th, the National Crime Agency (NCA) arrested a 17-year-old male in the West Midlands town of Walsall, located just north of Birmingham, about a three-hour drive northwest of London.
The suspect, who was detained on suspicion of Computer Misuse Act offences, was said to have been questioned by NCA officers and then released on bail.
No further information was provided by the NCA.
Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.
National Crime Agency (NCA) (@NCA_UK), September 12, 2024
The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation…
Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said his unit has been working “at pace to identify the criminal actors responsible” for the hack.
“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems,” Foster said.
The deputy director added that the TfL’s “swift response” enabled the NCA to act quickly, and with the London agency’s continued cooperation, “the investigation remains ongoing.”
Hackers accessed customer PII
Until Thursday, the TfL, which had quickly taken its systems offline to isolate any damage, had stated that there was no indication customer data was compromised, and transportation services were not impacted during the Transport for London cyberattack.
Two weeks later, an update on the TfL website, also on Thursday, confirmed that some sensitive customer information was exposed in the cyber incident.
“The situation is evolving and our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details, including email addresses and home addresses where provided,” the TfL update stated.
Additionally, around 5,000 Oyster card customers’ refund data may have been accessed, the TfL admitted.
“This could include bank account numbers and sort codes,” it said, adding that the TfL would be contacting the individuals whose accounts were impacted “as a precautionary measure to offer support and guidance.”

A report by the Guardian Series on Thursday stated that the cyberattack has forced the transportation agency to delay its plans to “extend contactless pay-as-you-go payment across its whole network.”
TfL's chief technology officer, Shashi Verma, told the Guardian that the previously scheduled September 22nd roll-out will be delayed over security issues and that a new date will be announced.
Almost 50 train stations outside of London, including 15 stations on the c2c train-operator network, were set to receive the contactless pay-as-you-go update.
"While this is extremely unfortunate, we recognize that it is vitally important that all issues are fully and satisfactorily resolved by TfL before we move forward," c2c managing director Rob Mullen said about the delay.
Additionally, the TfL updated its list of affected services as follows:
- Live Tube arrival information on TfL Go and the TfL website is down, but working inside stations.
- Applications for new Oyster photocards and Zip cards are temporarily suspended.
- Online journey history for contactless payment cards is unavailable.
- Refunds for incomplete pay as you go journeys using contactless are unavailable.
- Responses to online enquiries will be delayed.
- Limited employee access to systems.
The agency said it would also be “undertaking an all-staff IT identity check,” which could result in further disruptions to some TfL services.
The National Cyber Security Centre has also been involved in the investigation. For further information, customers can visit the Transport for London website.