Boy, 17, arrested in connection with TfL cyberattack

The National Crime Agency (NCA) said the 17-year-old was arrested in Walsall, West Midlands, as part of the investigation into the cyber attack which was launched on 1 September.

He was detained on suspicion of Computer Misuse Act offences on 5 September and was bailed after being questioned by NCA officers.

The bank account numbers and sort codes of around 5,000 customers could have been compromised in the attack, according to TfL.

Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible.

“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.

“The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing.

“The NCA leads the UK’s response to cybercrime. We work closely with partners to protect the public by ensuring cyber criminals cannot act with impunity, whether that be by bringing them before the courts or through other disruptive and preventative action.”

Providing customers with an update, TfL said on Thursday: “Although there has been very little impact on our customers so far, the situation is evolving and our investigations have identified that certain customer data has been accessed.

“This includes some customer names and contact details, including email addresses and home addresses where provided.

“Some Oyster card refund data may have also been accessed. This could include bank account numbers and sort codes for a limited number of customers (around 5,000).

“If you are affected, we will contact you directly as soon as possible as a precautionary measure, and will offer you support and guidance.”