A 17-year-old male has been arrested as part of the investigation into a cyber security incident affecting Transport for London (TfL).
The teenager was detained in Walsall on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on 1 September.
He has been questioned by officers from the National Crime Agency (NCA) and has been bailed.
It is understood some customer data was compromised, including customer names and contact details.
Some Oyster card refund data, which could include bank account details, may also have been accessed.
The NCA has said it is working alongside TfL and the National Cyber Security Centre to manage the incident and minimise risk to customers.
Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible.
“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.
“The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing.
“The NCA leads the UK’s response to cybercrime. We work closely with partners to protect the public by ensuring cyber criminals cannot act with impunity, whether that be by bringing them before the courts or through other disruptive and preventative action.”
Read more from Sky News:
Billionaire becomes first person to take part in private spacewalk
AI ‘can detect early signs of over 1,000 diseases’
Providing customers with an update, TfL said on Thursday: “Although there has been very little impact on our customers so far, the situation is evolving and our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details, including email addresses and home addresses where provided.
“Some Oyster card refund data may have also been accessed. This could include bank account numbers and sort codes for a limited number of customers.
“If you are affected, we will contact you directly as soon as possible as a precautionary measure, and will offer you support and guidance.”
TfL said it has now put in place additional measures to improve its security and will provide further updates as soon as possible.