A 17-year-old male has been arrested as part of the investigation into a cyber security incident affecting Transport for London (TfL).
The teenager was detained in Walsall on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on 1 September.
He has been questioned by officers from the National Crime Agency (NCA) and has been bailed.
It is understood some customer data was compromised, including customer names and contact details.
Some Oyster card refund data, which could include bank account details, may also have been accessed.
The NCA has said it is working alongside TfL and the National Cyber Security Centre to minimise risk to customers.
Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible.
“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.
Keep up with all the latest news from the UK and around the world by following Sky News
“The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing.
“The NCA leads the UK’s response to cybercrime. We work closely with partners to protect the public by ensuring cyber criminals cannot act with impunity, whether that be by bringing them before the courts or through other disruptive and preventative action.”
Read more from Sky News:
Billionaire becomes first person to take part in private spacewalk
AI ‘can detect early signs of over 1,000 diseases’
Providing customers with an update, TfL said on Thursday: “Although there has been very little impact on our customers so far, the situation is evolving and our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details, including email addresses and home addresses where provided.
“Some Oyster card refund data may have also been accessed. This could include bank account numbers and sort codes for a limited number of customers (around 5,000).
“If you are affected, we will contact you directly as soon as possible as a precautionary measure, and will offer you support and guidance.”
This breaking news story is being updated and more details will be published shortly.
Please refresh the page for the fullest version.
You can receive breaking news alerts on a smartphone or tablet via the Sky News app. You can also follow @SkyNews on X or subscribe to our YouTube channel to keep up with the latest news.