It seems that the TFL customer database had a hacking incident a couple of weeks ago and they sent this to registered Oyster Card holders today via email:
https://tfl.gov.uk/campaign/cyber-security-incident
However, in the past hour of my writing this, an arrest has been made and more information on the breach has been released:
https://www.bbc.com/news/articles/c4gqg2elkj4o
TFL says they will be in touch with anyone who has been directly affected.