Transport for London (TfL) has temporarily suspended access to customers’ Oyster and contactless online accounts after over 1,000 customers had their details accessed maliciously.
Approximately 1,200 accounts have been accessed maliciously, forcing TfL to shut online accounts to protect customers’ data.
No customer payment details have been accessed.
Tfl said its Oyster online service has not been compromised but that individual user details have been gathered through breaches by unrelated third parties that were then reused on the TfL Oyster website.
A TfL spokesperson said: “We believe that a small number of customers have had their Oyster online account accessed after their login credentials were compromised when using non-TfL websites.
“No customer payment details have been accessed, but as a precautionary measure and to protect our customers’ data, we have temporarily suspended online contactless and Oyster accounts while we put additional security measures in place.
“We will contact those customers who we have identified as being affected and we encourage all customers not to use the same password for multiple sites.”
TfL customers can still access their Oyster account via the app and top ups can still be made in stations and at ticket machines.