Transport for London Investigates Data Breach in Oyster Cards

Transport for London (TfL) has disclosed a significant cyber security incident that exposed customer data, including 5,000 Oyster card users. The breach, discovered on September 1, 2024, revealed suspicious activity on TfL's systems, prompting an investigation involving the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC).

The NCA announced today that it made an arrest linked to the incident, apprehending a 17-year-old male suspected to be involved in the cyberattack.

While the transportation agency initially reported no customer data compromise, today it confirmed that some personal information, including names, email addresses, and home addresses, has been accessed.

In its latest announcement, TfL also revealed that bank account numbers and sort codes related to Oyster card refunds may have been accessed for around 5,000 customers. The agency is reaching out directly to those affected and offering support. TfL also noted that, despite the unfortunate finding, the impact on its services has been limited thus far, though some operational disruptions are ongoing.

The breach led to several precautionary measures aimed at mitigating further damage. Live Tube arrival information has been temporarily unavailable on TfL’s digital platforms, including its website and TfL Go app, although station-level and journey planning services remain unaffected. Additionally, applications for new Oyster photocards, including Zip cards for young travelers, have been suspended, and refunds for contactless pay-as-you-go journeys are currently unavailable due to limited system access.

TfL, responsible for managing London’s comprehensive public transport network, is a critical agency serving millions of residents and visitors daily. With over 31 million journeys taking place across its buses, trains, and other services each day, the agency's vast infrastructure and reliance on digital systems make it a prime target for cyber threats. The ongoing cyber attack has sparked concerns, especially given the increasing reliance on cashless payments through Oyster and contactless systems.

An all-staff IT identity check is also underway to ensure that no internal systems have been compromised. Although TfL assures the public that these security measures are in place to protect its services, customers are advised to remain cautious. Those who suspect their data may have been compromised are urged to monitor their accounts closely for any suspicious activity.