The National Crime Agency has announced that it has arrested a teenager as part of its investigation into a cyber security incident affecting Transport for London ( TfL ).
The male, age 17, was being detained on suspicion of computer misuse charges in connection with the attack, which was carried out on TfL on September 1st.
The teenager, who was arrested on 5 September, was questioned by NCA officers and bailed.
Assistant director Paul Foster, head of the NCA’s National Cyber Crime Unit, said:” We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the fugitive actors accountable”.
Forster described the security incident as an attack on public infrastructure, which he said can be hugely disruptive.
” The swift response by TfL following the incident has enabled us to act immediately, and we are grateful for their continued cooperation with our investigation, which remains ongoing”, he added.
TfL first announced on September 1 that it was having an “ongoing cyber security incident.” During the cyberattack, it needed to temporarily suspend the Dial-a-Ride assisted transit service for handicapped people as part of its response.
At the time, it said it had found no evidence customer data had been compromised. Yet, it has then conducted a deeper investigation that has shown some customer data was lost during the attack, and referred itself to the Information Commissioner’s Office.
According to Shashi Verma, TfL’s chief technology officer,” While there has been very little impact on our customers so far, the situation continues to evolve and our investigations have determined that some customer data has been accessed.” This includes some of the customer names and contact information ( as well as email and home addresses where available ).
” Some Oyster card refund data may also have been accessed, “he said”. For a select few customers, this might include bank account numbers and sort codes. As a precautionary measure, we will be in contact with these customers as soon as possible to let them know how much support we can offer them and what steps to take.
” We have notified the Information Commissioner’s Office and are working at pace with our partners to progress the investigation”, said Verma. ” We will provide additional updates as soon as possible”.
TfL claims to have implemented innovative IT security measures to make sure all safety-critical systems and procedures are up and running. Due to this work, TfL has needed to postpone the introduction of smart payments to 47 further stations.
According to Verma,” The security measures we are adopting suggest that it is now impossible for us to make the necessary system changes to enable 47 further stations outside of London to receive pay as you go with smart on September 22 as planned.”
