Teenager arrested over Transport for London cyber attack

12 September 2024, 16:24

A sign for the London underground in central London.
Potential Tube strike. Picture: PA

The boy, who was arrested on September 5, was questioned by National Crime Agency officers and bailed.

A 17-year-old boy has been arrested in Walsall as part of the investigation into a cyber security incident affecting Transport for London (TfL), the National Crime Agency (NCA) said.

The teenager was detained on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on September 1.

The boy, who was arrested on September 5, was questioned by NCA officers and bailed.

It comes as TfL said some customer data was accessed in the cyber attack.

TfL has been investigating the incident, which was identified on September 1, alongside the NCA and said some customer names and contact details had been compromised.

Some Oyster card refund data may also have been accessed in the cyber attack which could include bank account details.

Shashi Verma, TfL’s chief technology officer, said: “The security of our systems and customer data is very important to us.

“We continually monitor who is accessing our systems to ensure only those authorised can gain access.

“We identified some suspicious activity on Sunday September 1 and took action to limit access.

“A thorough investigation continues alongside the National Crime Agency and the National Cyber Security Centre.

“Although there has been very little impact on our customers so far, the situation continues to evolve and our investigations have identified that certain customer data has been accessed.

“This includes some customer names and contact details (including email addresses and home addresses where provided).

“Some Oyster card refund data may also have been accessed.

“This could include bank account numbers and sort codes for a limited number of customers.

“As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take.

“We have notified the Information Commissioner’s Office and are working at pace with our partners to progress the investigation.

“We will provide further updates as soon as possible.

“In addition, as part of the measures we have implemented to deal with the cyber incident, we have today put in place additional measures to improve our security.

“This includes an all-staff IT identity check.

“Throughout this planned process we have ensured that all safety critical systems and processes have been maintained.

“We do not expect any significant impact to customer journeys as we carry out this process.

“However, temporary and limited disruption is possible to some services so, as ever, please check before you travel.

“The security measures we are taking mean that it is now not possible for us to deliver the necessary system changes to enable 47 additional stations outside London to benefit from pay as you go with contactless on September 22 as planned.

“We are working with DfT and the Rail Delivery Group to reschedule and we apologise for the delay.

“We will continue to keep our customers and our staff updated.

“I would like to apologise for the inconvenience this incident may cause customers and I thank everyone for their patience as we respond to this incident.”

NCA deputy director Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible.

“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.

“The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing.

“The NCA leads the UK’s response to cyber crime.

“We work closely with partners to protect the public by ensuring cyber criminals cannot act with impunity, whether that be by bringing them before the courts or through other disruptive and preventative action.”

By Press Association

More Technology News

See more More Technology News

Woman talking on mobile phone and working on laptop

New AI-powered scam detection tool launches

Google screen

Google brings more AI to search engine in ‘significant’ update

UK Information Commissioner John Edwards

Accountability comes in many forms – Information Commissioner

The ChatGPT website

OpenAI raises £5 billion in largest ever funding round

A woman using a laptop as she holds a bank card

Meta partners with UK banks to combat fraud

The word Google in white on dark glass at the company's offices

Google breached TV company trademark through YouTube Shorts service, court told

The Vodafone logo on a smartphone

Vodafone and Three UK promise £10-a-month price cap for some mobile deals

An Asda store

Asda apologises after stores open later than planned due to till issue

The game developer has been fighting big tech firms for years over anti-competitive behaviour on their app stores (AP)

Epic Games sues Google and Samsung over anti-competition collusion claims

A woman using a mobile phone

Nearly a quarter of adults feel digitally excluded, survey finds

Minister for Justice Helen McEntee

Internet companies could face huge fines over content glorifying terrorism

GCHQ

UK issues alert over threat from cyber attackers working for Iranian state

An Amazon sign at the fulfillment centre in Hemel Hempstead, Hertfordshire

Competition regulator clears Amazon’s partnership with AI firm Anthropic

Meta logo on sign outside building

Meta fined 91m euro over password breach

Revolut, Chase and Modulr have agreed to join the 159 short-code phone service that people can call to speak to their bank when they are worried about a potential scam (Yui Mok/PA)

Revolut, Chase and Modulr agree to join 159 anti-scam service

Network Rail ‘cyber security incident’

Man arrested after cyber vandalism hit wifi at UK’s biggest railway stations