"Researchers from Radboud University in Nijmegen revealed two weeks
ago they had cracked and cloned London's Oyster travelcard and the
Dutch public transportation travelcard, which is based on the same
RFID chip. Attackers can scan a card reading unit, collect the
cryptographic key that protects security and upload it to a laptop.
Details are then transferred to a blank card, which can be used for
free travel.
Around one billion of these cards have been sold worldwide. The card
is also widely used to gain access to government departments, schools
and hospitals around Britain."
http://www.theregister.co.uk/2008/07/18/university_can_publish_oyster_research/