British Railway Passengers Attacked

Uploaded on 2024-09-27 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Wi-Fi networks at a number of train stations across the UK have been suspended after being hacked. British Transport Police are investigating after there was an attack on Wi-Fi networks at 19 stations across the country, which are run by Network Rail. 

Passengers logging onto the Wi-Fi saw a webpage containing details of Islamist terrorist incidents in the UK and abroad. So far, no personal data is known to have been affected. 

Now, a man has been arrested after passengers at many of the nation's busiest train stations were affected 

The police say the suspect is an employee of Global Reach Technology, which provides  Wi-Fi services to Network Rail. The man was arrested on suspicion of offences under the Computer Misuse Act 1990 and offences under the Malicious Communications Act 1988. 

  • Ten London Stations in were were affected: They are: Euston, Victoria, King’s Cross, London Bridge, Cannon Street, Charing Cross, Liverpool Street, Paddington, Clapham Junction and Waterloo.
  • Stations outside London affected include: Manchester Piccadilly, Birmingham New Street, Glasgow Central, Leeds City, Liverpool Lime Street, Bristol Temple Meads, Edinburgh Waverley, Reading, and Guildford.

This incident follows a recent attack on Transport for London which runs Bus, Underground, Overground and other public transport services in the capital. That exploit is understood to have potentially exposed the bank account details of about 5k train passengers, either via activity on their Oyster card account or refund data. This data includes account numbers and sort codes.

A 17-year-old male was arrested on September 5th on suspicion of Computer Misuse Act offences in relation to that attack. 

In coment, Kev Eley, Vice President UKI at Exabeam said “The cyberattack on Network Rail marks a major cybersecurity incident in the UK.. There are several layers to this incident that make it particularly concerning. Firstly, there is the sheer scale of the attack and the widespread disruption that comes with this... Beyond the disruption caused, the attack raises questions around the security of personal data used to access National Rail Wi-Fi services...

What makes this attack even more worrying is its potential to cause widespread panic due to the nature of the message displayed to passengers when they logged into the Wi-Fi.

Ultimately, this incident serves as an important reminder of the significant risk posed by third-party suppliers and why it is vital that this element of cybersecurity is not overlooked." Eley said

Standard   |   Independent   |   BBC   |   Guardian   |    Sky  |   Mail

Image: @networkrail

You Might Also Read: 

Attack On Transport For London Exposed Passenger Bank Details:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Will Hezbollah Launch Cyber Attacks On Israel?
The Key Issues For SME Cyber Security [extract] »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CloudPassage

CloudPassage

CloudPassage, a cloud security and compliance pioneer, safeguards cloud infrastructure for the world’s best-recognized brands.

Magal Security Systems (Magal S3)

Magal Security Systems (Magal S3)

Magal Security Systems is a leading international provider of integrated solutions and products for physical and cyber security, safety and site management.

Saviynt

Saviynt

Saviynt is a leading provider of Cloud Security and Identity Governance solutions.

OneSpan

OneSpan

OneSpan (formerly Vasco Data Security) is a global leader in digital identity security, transaction security and business productivity.

SCIS Security

SCIS Security

SCIS Security provides affordable cyber security services and solutions to small to medium sized businesses and homes.

CyberSAFE Malaysia

CyberSAFE Malaysia

CyberSAFE Malaysia is an initiative to educate and enhance the awareness of the general public on the technological and social issues and risks facing internet users.

ITTAS

ITTAS

ITTAS is a multidisciplinary company specializing in information security and software and hardware protection software.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

tTech

tTech

tTech is the first and foremost company providing outsourced Information Technology solutions to businesses in Jamaica.

EDGE Group

EDGE Group

EDGE is one of the world’s leading advanced technology groups, established to develop agile, bold and disruptive solutions for defence and beyond.

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions is an Enterprise Cyber Security Platforms company offering Cyber Security & Technical Education and Compliance & Penetration Testing Services.

Paramount Defenses

Paramount Defenses

Paramount Defenses have unrivaled capability in two of the most critical areas in cyber security today – Active Directory Security and Privileged Access.

Capzul

Capzul

Capzul are transforming the network security landscape with a new approach; creating virtually impenetrable networks, precluding cybercriminal attacks on your network ecosystem.

WaveLink

WaveLink

WaveLink offers low risk, results-oriented Engineering Services and best-of-class Technical Support Services. Areas of expertise include cyber and security engineering.

Open Cybersecurity Alliance (OCA)

Open Cybersecurity Alliance (OCA)

OCA is building an open ecosystems where cybersecurity products interoperate without the need for customized integrations. We're making standards-based interoperable cybersecurity a reality.