Earlier in the year members of Professor Bart Jacobs' team came to London to test their findings, and travelled on the London Underground using a modified Oyster card.
Shashi Verma, director of fares and ticketing at Transport For London, told the BBC its system spotted the security breach.
"We knew about it before we were informed by the students," said Mr Verma
He stressed that the Mifare Classic chip in the Oyster card is only part of a larger system. "A number of forensic controls run within the back office systems which is something that customers and these students have no ability to touch."
"We will carry on making improvements to the security of the Oyster system."
Commenting on their research, Prof Jacobs told BBC Click the information being disclosed was: "not a guidebook for attacks". I also bet it's not as much fun as creating an Oyster Card watch or a magic wand for Tube barriers.
The BBC's full report on this will be broadcast on BBC Click on Saturday 11 October at 1130 BST on the BBC News Channel. You can also find it on BBC World - check here for the times it'll be going out.