Bank details of around 5,000 Transport for London (TfL) customers could have been obtained in the cyber attack on the transport authority, which has had to reset the online accounts of around 30,000 staff.
On Thursday TfL issued an update in relation to what it called an ‘ongoing cyber security incident’, having first identified suspicious activity on 1 September.
Chief technology officer Shashi Verma said: ‘Although there has been very little impact on our customers so far, the situation continues to evolve and our investigations have identified that certain customer data has been accessed.
‘This includes some customer names and contact details (including email addresses and home addresses where provided).
‘Some Oyster card refund data may also have been accessed. This could include bank account numbers and sort codes for a limited number of customers. As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take.
‘A thorough investigation continues alongside the National Crime Agency and the National Cyber Security Centre.’
Mr Verma added that TfL has notified the Information Commissioner's Office and put in place additional measures to improve security.
He said: ‘The security measures we are taking mean that it is now not possible for us to deliver the necessary system changes to enable 47 additional stations outside London to benefit from pay as you go with contactless on 22 September as planned.
‘We are working with DfT and the Rail Delivery Group to reschedule and we apologise for the delay.’
Mr Verma also disclosed that some staff data had been accessed and that it had ‘deliberately reset’ every employee’s OneLondon account, locking staff out of their email accounts and requiring them to attend in person to verify their identities.
In a message on TfL’s Employee Hub, he said: ‘Resetting 30,000 colleague passwords in person will take some time.’
In his own message to staff, TfL Commissioner Andy Lord described the cyber attack as ‘unprecedented and very sophisticated’.
Also on Thursday, the National Crime Agency said it had arrested a 17-year-old male in Walsall on suspicion of Computer Misuse Act offences in relation to the attack.
TfL has previously said that it has temporarily restricted access to customer journey history for pay as you go contactless customers and limited access to some live travel data via apps and its photocard portal.
It is also currently unable to issue refunds for incomplete pay as you go journeys made using contactless payments.