Transport for London Confirms Customer Data Breach in Cyberattack, 5,000 Bank Details Compromised

Transport for London (TfL) recently confirmed that it suffered a cyberattack in which customer data, including names, contact details, email addresses, and home addresses, was compromised. The breach, which occurred on September 1, 2024, affected around 5,000 customers, potentially exposing their bank account numbers and sort codes. TfL initially reported the cybersecurity incident without evidence of data compromise but later discovered the extent of the breach after further investigation​(BleepingComputer)​(CityAM).

A 17-year-old male from Walsall was arrested on September 5 in connection with the attack. Authorities, including the National Crime Agency and the National Cyber Security Centre, are working closely with TfL to manage the incident and minimize risks. The investigation is ongoing to determine the full scope of the breach and its potential impact​(Enterprise Technology News and Analysis)​(ITVX).

In response to the attack, TfL has implemented several mitigation measures. They have temporarily suspended services like new Oyster photocard applications and have advised customers to be vigilant for any suspicious activity related to their accounts. The company is contacting affected customers directly to provide support and guidance on how to protect themselves from potential misuse of their data​(Bitdefender).