A 17-year-old male from Walsall has been arrested in connection with the cyber-attack on Transport for London (TfL) that potentially exposed the personal data of thousands of customers. The National Crime Agency (NCA) confirmed the teenager was detained on suspicion of offences under the Computer Misuse Act 1990, relating to the attack launched on 1 September. He was arrested on Thursday last week and has been released on bail.
TfL has begun contacting approximately 5,000 customers to warn that their email addresses and bank account details may have been accessed. The breach is understood to affect those who applied for refunds on journeys made using Oyster cards. The compromised data includes some customer names, contact details, and for a limited number, bank account numbers and sort codes.
The cyber-attack has also forced TfL to delay the rollout of contactless travel to 47 railway stations in south-east England, which was scheduled for 22 September. Shashi Verma, TfL's chief technology officer, said the investigation with the NCA and National Cyber Security Centre (NCSC) is ongoing, and the Information Commissioner's Office has been notified.
All TfL staff are required to report to headquarters in Southwark to reset their digital identities for email access, with appointments scheduled over the coming week. The attack has affected live data feeds for travel apps like Citymapper and TfL Go, but public transport services continue to run normally. TfL confirmed no ransom demand was made.
The NCSC urged anyone potentially affected to be vigilant against suspicious emails, phone calls, or text messages. The NCA's deputy director, Paul Foster, praised TfL's swift response, which enabled rapid action in the ongoing investigation.
