The National Crime Agency has this afternoon announced that it has traced the source of the cyber attack against Transport for London to a teenager living in Walsall in the West Midlands.
The news comes as TfL has admitted for the first time that as many as 5,000 regular passengers on the capital’s bus, Tube, Overground and Tram networks may have had their banking details illegally accessed.
Of those affected, “This includes some customer names and contact details, including email addresses and home addresses where provided,” TfL said. Some Oyster card refund data may have also been accessed, “possibly including bank account numbers and sort codes for a limited number of customers”.
Today, the NCA issued a statement: “The 17-year-old male was detained on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on September 1.”
The NCA says it is working with TfL and the National Cyber Security Centre “to manage the incident and minimise any risks”.
The teenager, who is not yet old enough to be named in the media, was arrested on September 5, questioned and bailed.
Paul Foster, the head of the NCA’s cyber crime unit, said: “Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.
“The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing.”
Apologising for the inconvenience caused to London’s public transport passengers, TfL said this afternoon: “We are doing all we can to protect our services and secure our systems and data.”
As a result of TfL’s responses to the hack attack:
- Live Tube arrival information is not available on some digital channels, including TfL Go and the TfL website. In-station and journey-planning information is still available
- Applications for new Oyster photocards, including Zip cards, have been temporarily suspended. “If you have been unable to apply, please continue making your journeys as usual and keep a record of any fares paid. We may be able to arrange a refund once the incident has been resolved and you receive your new photocard.”
- If you travel using a contactless payment card, you won’t be able to access your online journey history
- TfL is unable to issue refunds for incomplete pay-as-you-go journeys made using contactless, so passengers need to remember to touch in and out. Oyster customers can self-serve online.
“We’re also undertaking an all-staff IT identity check,” TfL said. “Although we don’t expect any significant impact to customer journeys as we carry out this process, temporary and limited disruption is possible to some services. Please check before you travel.”
The TfL and NCA investigation has discovered some possible illegal access to Oyster card refund data.
“Although there has been very little impact on our customers so far, the situation is evolving and our investigations have identified that certain customer data has been accessed,” TfL said.
“This includes some customer names and contact details, including email addresses and home addresses where provided.
“Some Oyster card refund data may have also been accessed. This could include bank account numbers and sort codes for a limited number of customers (around 5,000).
“If you are affected, we will contact you directly as soon as possible as a precautionary measure, and will offer you support and guidance.
“We will continue to keep you updated. We are sorry for the inconvenience this incident may cause and thank you for your patience.”
- If you have a news story about life in or around Croydon, or want to publicise your residents’ association or business, or if you have a local event to promote, please email us with full details at inside.croydon@btinternet.com
As featured on Google News Showcase
- Our comments section on every report provides all readers with an immediate “right of reply” on all our content. Our comments policy can be read by clicking here
Inside Croydon is a member of the Independent Community News Network
- Inside Croydon works together with the Bureau of Investigative Journalism, as well as BBC London News and ITV London
ROTTEN BOROUGH AWARDS: In January 2024, Croydon was named among the country’s rottenest boroughs for a SEVENTH successive year in the annual round-up of civic cock-ups in Private Eye magazine

It seems the ease at which a teenager can hack TfL is the major cause of concern and he should be employed by TfL to test their security not prosecuted by them. It seems TFL staff need a real shake up and monitoring.
Sadly this is more widespread in cyber payment than is reported, When the option of cash is taken away everyone is up for ransom, and not in just financial terms, but in that personal data as well. This is the price that is paid for progress. If your wallet is stolen or lost it is only you who is affected. A cyber attack can compromise millions.
So, a spotty teenager has rained on Mayor’s Khan’s self-satisfied parade. I can’t condone this boy’s actions but I don’t trust TFL to keep our personal data safe. In March last year they refused to answer a Freedom of Infoirmation request about what personal data they held on their customers.
It is not known if the teenager has acne