A 17-year-old boy from Walsall has been arrested in connection with a cyber attack that targeted Transport for London (TfL) on September 1, 2024. The UK’s National Crime Agency (NCA) said the teenager was taken into custody on September 5 on suspicion of violating the Computer Misuse Act. He was later released on bail after questioning.
The cyber attack led to unauthorized access to bank account numbers and sort codes of about 5,000 TfL customers. TfL is in the process of contacting those affected and has confirmed that, while the impact has been minimal so far, they continue to monitor the situation as it evolves. The agency is also requiring around 30,000 staff members to undergo an in-person identity verification process to reset their passwords.
Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit, emphasized the seriousness of the attack on public infrastructure and praised TfL’s swift response, which allowed authorities to act quickly.
Interestingly, another 17-year-old from Walsall was arrested in July 2024 for a ransomware attack on MGM Resorts, attributed to the Scattered Spider group. It’s unclear if this is the same individual involved in both incidents. Scattered Spider is part of a larger cybercrime collective known as The Com, which targets cloud infrastructures in industries like insurance and finance using social engineering and other advanced hacking techniques.
