British teen arrested over cyberattack on London transportation agency

British authorities on Thursday announced the arrest of a teenager last week in connection with a cyberattack targeting Transport for London, the agency responsible for running the city’s sprawling network of public transportation.

The unnamed 17-year-old male was arrested Sept. 5 in Walsall, a town outside of Birmingham in the West Midlands, England, according to a statement from the U.K.’s National Crime Agency. 

Transport for London is still “dealing with an ongoing cyber security incident,” according to a statement on the agency’s website. The NCA identified what it called “suspicious activity” Sept. 1 and “took action to limit access.” Some customer data was accessed in the attack, the statement added, including some customer names and contact details, and some bank account numbers tied to cards used to access agency services.

The agency had originally claimed that no customer data was accessed in the attack. 

The teenager was detained on suspicion of Computer Misuse Act offenses, the NCA said, was questioned by officers and then released. 

“We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible,” said Paul Foster, NCA’s deputy director and head of the National Cyber Crime Unit. “Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.”

The arrest is just the latest example of teenagers being accused of involvement in high-profile cyberattacks. Two British teenagers were arrested as part of the prolific Lapsus$ extortion group responsible for attacks in 2021 and 2022 against major corporations around the world. More recently, teenagers and young adults in the U.K., U.S. and elsewhere were implicated in attacks and incidents tied to the Com, an online ecosystem made up of groups and subgroups tied to high-profile cybercrime and physical violence.