Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses.

The urban transportation agency had informed the public on September 2 about an ongoing cybersecurity incident, assuring customers that at the time there was no evidence of data being compromised.

Last Friday, TfL staff was still facing system outages and disruptions, including the inability to respond to customer requests submitted via online forms, issue refunds for journeys paid with contactless methods, and more.

A new update on the TfL incident page explains that although the impact on its operations has remained minimal throughout this time, internal investigation uncovered that customer data has been compromised.

“Although there has been very little impact on our customers so far, the situation is evolving, and our investigations have identified that certain customer data has been accessed,” reads the status page.

“This includes some customer names and contact details, including email addresses and home addresses where provided.”

Additionally, the agency discovered that the hackers may have accessed some Oyster card refund data and bank account number and sort codes for approximately 5,000 customers.

BleepingComputer can confirm that affected customers are receiving personalized notifications informing them of the data breach, so people should check their email to learn if they are among those impacted.

TfL says there are still mitigation measures in place to help protect data and systems until the remediation efforts are concluded, which means that some services remain unavailable.

Things that customers should be aware of:

• Live Tube arrival info is unavailable on some digital channels, but in-station and journey planning info is accessible.
• Applications for new Oyster photocards, including Zip cards, are temporarily suspended. Call 0343 222 1234 (option 1) for lost card replacements.
• Keep records of fares if you can’t apply for a photocard; refunds may be possible once the cyber incident is resolved.
• Contactless users can’t access online journey history.
• Refunds for incomplete journeys using contactless are unavailable; always touch in/out. Oyster users can manage refunds online.
• Staff have limited system access, causing delays in online response.

At the time of writing, no ransomware gang has claimed the cyberattack at TfL.