Staff at City Hall were on Thursday told to disconnect from the WiFi, switch off their devices and work from home instead, as precautions were taken following the impacts of a cyber-attack on Transport for London (TfL).
It came as the National Crime Agency (NCA) revealed that a teenager had been arrested in connection with the incident last week.
TfL said some customers’ sort codes and bank account details could have been accessed by hackers during what they called an “ongoing cyber security incident”.
The NCA said a 17-year-old boy was arrested in Walsall on 5 September on suspicion of Computer Misuse Act offences. The cyber attack was first reported on 2 September. He was questioned by NCA officers and has since been bailed.
As a precautionary measure at City Hall, while preparations were made for a full reset of the Greater London Authority’s WiFi network on Thursday afternoon, staff were told to ensure their devices were completely turned off and to use their home internet as a temporary measure.
Shashi Verma, TfL’s chief technology officer, said: “The security of our systems and customer data is very important to us.
“We continually monitor who is accessing our systems to ensure only those authorised can gain access. We identified some suspicious activity on Sunday 1 September and took action to limit access. A thorough investigation continues alongside the National Crime Agency and the National Cyber Security Centre.
“Although there has been very little impact on our customer so far, the situation continues to evolve and our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details (including email addresses and home addresses where provided).
“Some Oyster card refund data may also have been accessed. This could include bank account numbers and sort codes for a limited number of customers. As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take.
“We have notified the Information Commissioner’s Office and are working at pace with our partners to progress the investigation…
“In addition, as part of the measures we have implemented to deal with the cyber incident, we have today put in place additional measures to improve our security. This includes an all-staff IT identity check. Throughout this planned process we have ensured that all safety critical systems and processes have been maintained.
“We do not expect any significant impact to customer journeys as we carry out this process. However, temporary and limited disruption is possible to some services so, as ever, please check before you travel…
“We will continue to keep our customers and our staff updated. I would like to apologise for the inconvenience this incident may cause customers and I thank everyone for their patience as we respond to this incident.”
