Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Thursday 12 September 2024 2:34 pm  |  Updated:  Thursday 12 September 2024 4:12 pm

Transport for London: Bank account details may have been stolen in cyberattack

By: Guy Taylor

Transport Reporter

Add as a preferred source on Google
TfL is planning to introduce the first of five charging hubs in the capital from 2026.
TfL is planning to introduce the first of five charging hubs in the capital from 2026.

Transport for London (TfL) has revealed customer’s personal data, including names, home addresses and possibly bank details have been stolen as part of a major cyber attack first identified in September.

The NCA also confirmed on Wednesday a 17-year-old male had been arrested in connection with the incident.

“Although there has been very little impact on our customer so far, the situation continues to evolve and our investigations have identified that certain customer data has been accessed,” Shashi Verma, TfL’s chief technology officer, said.

“This includes some customer names and contact details (including email addresses and home addresses).”

Verma added that some Oyster card refund data “may also have been accessed,” including bank account numbers and sort codes for around 5,000 customers. “As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take.”

London’s transport operator had previously said there was no evidence of such data being accessed, but revised its statement on Wednesday afternoon.

Suspicious activity was first identified on Sunday 1 September and has since prompted investigations from the National Crime Agency and the National Cyber Security Centre, which are ongoing.

“We have notified the Information Commissioner’s Office and are working at pace with our partners to progress the investigation. We will provide further updates as soon as possible,” Verma said.

TfL said it did not expect any “significant impact to customer journeys” as it puts in place a series of additional measures to bump up security. However, it means a planned September 22 roll-out of contactless pay as you go at some 47 stations outside of London will be pushed back.

Responding to the announcement, Lisa Barber, consumer champion Which?’s tech editor, said: “Transport for London customers will understandably be worried that their data has fallen into the hands of hackers who might try to exploit it, so it is vital that TfL provides clear and timely updates to victims and supports them in taking steps to protect themselves.

“Anyone concerned they could be affected should keep a close eye on bank accounts and credit reports for suspicious activity. Also be wary of unexpected phone calls, emails or fake ‘customer support’ messages popping up on social media regarding the breach, as scammers might try to take advantage of this cyber attack.”

Read more

Gambit Cyber Launches Vizier AI – An Autonomous Security Intelligence Workspace for Continuous Exposure Management

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Business

People & Organisations

  • cyber attack
  • Transport for London

Trending Articles

  • Billionaire Easyjet founder in line for £800m payday from takeover

  • Burnham told to launch £100bn tax reform package

  • Construction sector cuts jobs again as house building slumps

  • Pension pressure to help swell UK debt to three times size of economy

  • As it happened: FTSE 100 slump as oil soars; Trump says Iran will be ‘hit hard’ tonight

More from City PM

  • Gambit Cyber Launches Vizier AI – An Autonomous Security Intelligence Workspace for Continuous Exposure Management

    Business Wire
  • TfL dispel concerns over Queen’s tennis final tube havoc

    Sport Business
    Without specific context from the article, Im unable to generate an accurate alt text. Could you provide more details from...
  • The Debate: Should CEOs be held personally accountable for cyberattacks?

    Opinion
    Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.
  • For all their charm, digital banks still leave me tearing my hair out

    Opinion
    Digital bank interface showing user-friendly dashboard with financial analytics and transaction history on a modern screen
  • Professional services firms the ‘flavour of the month’ for cyberattacks

    Prof Services
    The ICO said it initially planned to fine Capita a total of £45m, but this was later reduced by “mitigating factors”
  • Fraud losses surge as scammers use AI to manipulate victims

    Personal Finance
    Executives argue the measures threaten firms’ business models, particularly smaller fintechs more relatively exposed to fraud and with less capital to cover mandatory reimbursement. (Photo by Artur Widak/NurPhoto via Getty Images)
  • Barclays and Lloyds join banking sector plan for digital ID

    Banking
    Banking app interface showing financial transactions and account balance on a smartphone screen, emphasizing digital finan...
  • Fideres Study Finds TfL Fare Zones Disproportionately Burden Ethnic Minority Commuters

    Business Wire

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy