The Metropolitan Police now routinely requests access to Transport for London’s (TfL) Oyster Card database in search of personal information on its users, The Guardian has reported.
After making a freedom of information request, TfL said this had happened 5,295 times in 2008, 5,359 in 2009, 5,046 in 2010, and a record 6,258 in 2011; the current total for 2012 stood at 264.
The majority of these requests were for Oyster Card data with the rest made up of CCTV images and information on staff, the Metropolitan Police told the newspaper.
The reason for requests were not broken down by the Met but motivations are bound to include ascertaining the movements of victims and suspects. Data held by TfL includes locations, dates and and times travelled by each passenger.
TfL said it had issued 40 million cards since the scheme was launched in 2003, against which the 21,958 over four years underlines that the number of accounts being accessed remains tiny.
The Oyster Card has not been without security controversies of its own. In 2008, a Dutch researcher showed how the cryptographic system used by the Oyster Card could be hacked to create clone cards.
View full post on National Cyber Security » Computer Hacking