During the cyber hack, the Oyster card data of thousands of people was breached, which included the bank account numbers and sort codes of customers awaiting refunds.
TfL has told customers it will contact them directly if they are affected “as soon as possible as a precautionary measure”.
It said anyone who has had their details compromised will be offered support and guidance.
Following the incident on Sunday 1 September, TfL has reassured the public that there has been “very little impact” on customers so far, but there has been personal data accessed by the hacker.
This includes customer names and contact details, including email and home addresses.
The capital’s transport body is investigating the incident with the National Crime Agency (NCA) and the National Cyber Security Centre, and the NCA announced a 17-year-old male has been arrested in connection with the incident.
Deputy director Paul Foster, head of the NCA’s cyber crime unit, said: “We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible.
“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.
“The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued cooperation with our investigation, which remains ongoing.”
Customers have been warned that – although unlikely – there could be delays on some services, although TfL doesn’t expect a significant impact.
As TfL has reduced some online services to prevent another cyber attack, it has had a knock-on effect on some processes, including the arrival times of your tubes.
This is the case on TfL Go and the TfL website, but information on when your train will arrive will continue to be shown in stations.
Oyster applications suspended and refunds on hold
Applications for new Oyster photocards have been suspended, so if you are waiting for a reply, you should keep a record of the journeys made so you can potentially claim a refund once the issue has been resolved.
Also, refunds for incomplete journeys have been put on hold for contactless payments, so TfL has urged customers to remember to tap in and out at the gates.
If you have any outstanding enquiries online, there will also be a delayed response until the cyber hacking investigation is complete.
The company has said: “We will continue to keep you updated. We are sorry for the inconvenience this incident may cause and thank you for your patience.”
Last Friday, TfL alerted customers about the incident and Shashi Verma, TfL’s chief technology officer, said there was “no evidence that any customer data has been compromised.”