Transport for London Cyberattack Compromises Bank Account Numbers and Names; Teen Arrested

Transport for London (TFL) has confirmed that Sunday’s cyberattack resulted in compromise of data, including email addresses, home addresses, and bank account numbers.

Last week, TFL issued a notice warning Londoners that hackers breached the transport system’s IT network, causing minor disruptions. At the time, TFL had found no evidence that the attackers had made off with any customer data.

However, the investigation has revealed that customer data was indeed compromised in Sunday’s attack.

Contact details, addresses, bank numbers

“We identified some suspicious activity on Sunday 1 September and took action to limit access,” reads TFL’s latest update. “We are conducting a thorough investigation into the incident, alongside the National Crime Agency and the National Cyber Security Centre.”

“Although there has been very little impact on our customers so far, the situation is evolving and our investigations have identified that certain customer data has been accessed,” the statement continues. “This includes some customer names and contact details, including email addresses and home addresses where provided.”

According to the notice, the compromised data could also include bank account numbers and sort codes for some 5,000 Londoners.

Those affected will receive individual notices with “support and guidance [...] as soon as possible.”

Teen arrested in connection with Sunday attack

The UK National Crime Agency says a teenager has been arrested in Walsall in connection with the incident. The unnamed 17-year-old male was detained on Sept. 5, questioned by NCA officers and freed on bail.

Investigators are holding back details on the teen’s motives, whether they believe he’s only a suspect or indeed the culprit, or whether they think he’s the sole actor in this event or a member of a larger hacking operation (i.e. ransomware). It is also unclear if the compromised data stayed with the perpetrator or made its way out on the internet.

Stay vigilant!

As we note in previous reporting of this incident, anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is for sale to fraudsters on the dark web.

Be wary of any unsolicited communications citing your personal or financial data. Fraudsters typically buy data stolen in breaches like these to craft clever scams to trick you into divulging more sensitive data or scam you outright.

Consider using Scamio if you're suspicious of a certain phone call, email or SMS. Scamio is a fast and efficient way to find out if you’re being conned. Simply describe the situation to our clever chatbot and let it guide you to safety. You can share with Scamio the exact thing you want to check: a screenshot, PDF, QR code or link. Scamio lets you know in seconds if it’s a scam. Use it anywhere via web browser, Facebook Messenger, or WhatsApp. Scamio is localized for use in the US, France, Germany, Spain, Italy, Romania, Australia and the UK.