UK arrests teen linked to Transport for London cyber attack

U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency.

"A teenager has been arrested in Walsall by the National Crime Agency, as part of the investigation into a cyber security incident affecting Transport for London (TfL)," reads the NCA statement.

"The 17-year-old male was detained on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on 1 September."

The teenager was questioned by NCA officers and subsequently released on bail.

The NCA says they are leading the investigation into the cyberattack and working closely with the National Cyber Security Centre and TfL to manage the incident.

As noted by SANS instructor Will Thomas, the NCA also arrested a 17-year-old male from Walsall in July 2024 for a possible link to the MGM Resorts ransomware attack. This attack was attributed to the Scattered Spider hacking collective, which was acting as an affiliate for the BlackCat ransomware gang.

BleepingComputer contacted the NCA about whether the same individual was arrested but has not heard back at this time.

The Transport for London cyberattack

On September 1st, Transport for London disclosed that it suffered a weekend cyberattack and shut down or restricted access to various IT systems to prevent its spread.

While the attack did not disrupt transportation services in the city, it did impact internal systems used by staff, various online customer-facing systems, and the ability to issue refunds.

The attack has also caused ongoing disruption to TfL's Dial-a-Ride service, which provides door-to-door transportation for those with disabilities.

After initially stating that customer data was not believed to have been stolen, TfL confirmed today that data, including customers' names, contact details, email addresses, and home addresses, was stolen in the attack.

The threat actors may have also accessed Oyster card refund data and bank account information for approximately 5,000 customers.

Through its surface, underground, and Crossrail transport systems, TfL provides transportation services to over 8.4 million London residents.

In May 2023, Transport for London also suffered a data breach after the Clop ransomware gang stole data for approximately 13,000 customers from the organization's MOVEit Transfer services.