More than 5,000 regular passengers on public transport in the capital have been contacted by Transport for London after their details were accessed by hackers in a cyber attack.

Card check: more than 5,000 TfL passengers have had their details hacked

Thousands more have also been written to, as TfL seeks to reassure them that their Oyster card and other travel passes will continue to function, without an annual renewal, until the organisation has rectified and secured its data and information systems following a security breach three weeks ago.

TfL has apologised, calling the attack “sophisticated” – which suggests that the teenager in Swindon who was arrested in connection with the cyber attack earlier this month is unlikely to be the instigating culprit behind the hack.

TfL’s letters to the passengers it has identified as having had their details accessed states that personal information such as bank account numbers and sort codes may have been compromised.

The TfL letter warns affected customers that this data “may have included name and contact details, preferences for customer marketing and Oyster card refund data including bank account and sort code”.

The letters have a unique identifier so any customers unsure about its validity can call customer services at TfL.

In other letters, to thousands more regular passengers requiring pass renewals, TfL has said: “We are currently dealing with an ongoing cyber security incident. Until this is resolved, as a precaution, our photocard website is unavailable.

“From our investigation so far, there is nothing to suggest that your photocard data has been compromised. Please note that while our website is down, your photocard will continue to work as normal.

“When our photocard systems are back up and running, we will write to you again to let you know when to complete the check.”

TfL has informed the Information Commissioner’s Office about the incident and said it was continuing to work with relevant government agencies about the breach.

Read more: Bank details for 5,000 TfL passengers accessed in cyber attack
Read more: Cyber attack forces TfL to suspend all Oyster card renewals

Inside Croydon – If you want real journalism, delivering real news, from a publication that is actually based in the borough, please consider paying for it. Sign up today: click here for more details

• If you have a news story about life in or around Croydon, or want to publicise your residents’ association or business, or if you have a local event to promote, please email us with full details at inside.croydon@btinternet.com

• As featured on Google News Showcase

• We offer FREE ads to community groups when they have members who are paid subscribers to Inside Croydon

• Our comments section on every report provides all readers with an immediate “right of reply” on all our content. Our comments policy can be read by clicking here

• Inside Croydon is a member of the Independent Community News Network

• Inside Croydon works together with the Bureau of Investigative Journalism, as well as BBC London News and ITV London

• ROTTEN BOROUGH AWARDS: In January 2024, Croydon was named among the country’s rottenest boroughs for a SEVENTH successive year in the annual round-up of civic cock-ups in Private Eye magazine