Letters have been sent to around 5,000 Transport for London customers whose details were hacked in a cyber attack, TfL has said.
The letters note the hack may have led to unauthorised access of personal information and exposed bank account details, including account numbers and sort codes.
Customer names and contact details may have also been accessed, TfL said.
Last week a 17-year-old boy was arrested in Walsall on suspicion of Computer Misuse Act offences in relation to the attack.
Sources previously told the Standard that other hackers were thought to be involved.
In response to the attack, letters have issued by TfL and sent to those impacted, the BBC reported on Friday.
It follows the transport body assuring passengers they would be contacted and updated directly, and that immediate measures to improve online security would be taken.
A TfL spokesperson said: “Following the update in relation to TfL’s ongoing cyber security incident last Thursday, we have been working to send letters to those customers who may have been impacted, as a precaution. These letters were sent to customers earlier this week.”
All letters contain a unique identifier so customers who are unsure about its validity can call TfL customer services who can confirm whether it is genuine.
TfL has notified the Information Commissioner's Office about the incident and it is working alongside partners to progress the investigation.
It added that additional measures to improve security have also been put into place, including an all-staff IT identity check.
Nearly three weeks after the incident, all customers are still unable to apply for refunds or access their contactless data.
Meanwhile, applications for new Oyster photocards, including Zip cards, have been temporarily suspended. Online journey history is also currently unavailable through TfL platforms.
