TfL cyberattack exposes commuter data as NCA arrests teenager
The city’s transport agency is reaching out to London commuters after the Transport for London (TfL) cyberattack earlier this month exposed the data of thousands of people, just as a teenager was arrested who he is believed to have been behind the incident.
According to the National Crime Agency (NCA), a 17-year-old man was arrested in Walsall, England, in connection with the incident.
The teenager was suspected of violating the Computer Misuse Law but has since been questioned by the NCA.
Despite the arrest, sources who spoke to the media said the incident is still ongoing and the threat actors are still at large.
The threat actor behind the attack is believed to have exfiltrated passenger data from multiple sources.
Around 5,000 passengers have potentially had their bank account data exposed through refund data and Oyster card usage, including sort codes and account numbers.
In addition, several travelers who had subscribed to TfL email alerts had their names, email accounts and/or home addresses exposed.
TfL said customers affected by the incident would be contacted directly. It also said it was improving its security measures.
Additionally, the NCA said it was working to support TfL in its response to the cyber attack.
“We have been working apace to support Transport for London following a cyber attack on its network and to identify the criminal actors responsible,” said deputy director of the NCA’s national cyber crime unit, Paul Foster.
“Attacks like this on public infrastructure can be hugely disruptive and have serious consequences for local communities and national systems.
“TfL’s rapid response following the incident has allowed us to act quickly and we are grateful for their continued cooperation with our investigation, which is ongoing.
“The NCA is leading the UK’s response to cybercrime. “We work closely with our partners to protect the public by ensuring that cybercriminals cannot act with impunity, whether by taking them to court or through other disruptive and preventative actions.”