Police Arrest Youth Over London Transport Hack

The National Crime Agency (NCA) said it has arrested a 17-year-old male in Walsall, in the West Midlands, as part of its investigation into this month’s cyber-attack on Transport for London.

The teenager was detained on 5 September on suspicion of Computer Misuse Act offences in relation to the 1 September attack, was questioned and later released on bail, the NCA said.

The agency said it is leading the law enforcement response and is working with the National Cyber Security Centre and TfL to minimise risks.

“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems,” said deputy NCA director Paul Foster, head of the agency’s National Cyber Crime Unit.

Customer data

“The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing.”

After initially saying customer data had not been affected, TfL has now confirmed about 5,000 customers’ sort codes and bank details may have been compromised as part of the incident.

TfL said data including names, emails and home addresses were accessed.

Chief technology officer Shashi Verma said those affected would be contacted directly.

“The situation continues to evolve and our investigations have identified that certain customer data has been accessed,” he said.

This includes customer contact details, including email addresses and home addresses where provided, as well as Oyster card refund data that could include bank account numbers and sort codes for a “limited” number of customers, he said.

He said the security of its systems and customer data were “very important” to the transport provider.

“I would like to apologise for the inconvenience this incident may cause customers and I thank everyone for their patience as we respond to this incident,” Verma said.

‘Scattered Spider’

The incident did not disrupt travel services but did force TfL to shut down some internal services.

The NCA also arrested a 17-year-old male from Walsall in July of this year over a possible link to the 2023 ransomware hacks of MGM Resorts and Caesars venues in an incident attributed to the Scattered Spider hacking collective, which was acting as an affiliate for the now-defunct BlackCat ransomware gang.

The NCA has not indicated whether the two arrests involved the same person.