A 17-year-old male has been arrested on suspicion of Computer Misuse Act offences in relation to a cyber attack on Transport for London (TfL) on the 1st September.
Although TfL reported on its website on September 5th that “there is no evidence that any customer data has been compromised”, it has since been reported that a further investigation has revealed that this may not be the case.
It’s been reported that Shashi Verma, TfL’s chief technology officer has said that investigations have now revealed that “certain customer data has been accessed” which could include “some customer names and contact details” (which may include some email and physical addresses). Also, it’s been reported that some customer Oyster card refund data may also have been accessed which may include “bank account numbers and sort codes”. The teenage suspect (believed to be from Walsall) was arrested on September 5th, questioned, and bailed.
TfL has now referred itself to the Information Commissioner’s Office (ICO), says it is working with its partners to progress the investigation, and says it will be contacting customers directly about the matter. TfL also says it has implemented new IT security measures add extra protection to all its safety-critical systems and processes.