British Railway Passengers Attacked

Uploaded on 2024-09-27 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Wi-Fi networks at a number of train stations across the UK have been suspended after being hacked. British Transport Police are investigating after there was an attack on Wi-Fi networks at 19 stations across the country, which are run by Network Rail. 

Passengers logging onto the Wi-Fi saw a webpage containing details of Islamist terrorist incidents in the UK and abroad. So far, no personal data is known to have been affected. 

Now, a man has been arrested after passengers at many of the nation's busiest train stations were affected 

The police say the suspect is an employee of Global Reach Technology, which provides  Wi-Fi services to Network Rail. The man was arrested on suspicion of offences under the Computer Misuse Act 1990 and offences under the Malicious Communications Act 1988. 

  • Ten London Stations in were were affected: They are: Euston, Victoria, King’s Cross, London Bridge, Cannon Street, Charing Cross, Liverpool Street, Paddington, Clapham Junction and Waterloo.
  • Stations outside London affected include: Manchester Piccadilly, Birmingham New Street, Glasgow Central, Leeds City, Liverpool Lime Street, Bristol Temple Meads, Edinburgh Waverley, Reading, and Guildford.

This incident follows a recent attack on Transport for London which runs Bus, Underground, Overground and other public transport services in the capital. That exploit is understood to have potentially exposed the bank account details of about 5k train passengers, either via activity on their Oyster card account or refund data. This data includes account numbers and sort codes.

A 17-year-old male was arrested on September 5th on suspicion of Computer Misuse Act offences in relation to that attack. 

In coment, Kev Eley, Vice President UKI at Exabeam said “The cyberattack on Network Rail marks a major cybersecurity incident in the UK.. There are several layers to this incident that make it particularly concerning. Firstly, there is the sheer scale of the attack and the widespread disruption that comes with this... Beyond the disruption caused, the attack raises questions around the security of personal data used to access National Rail Wi-Fi services...

What makes this attack even more worrying is its potential to cause widespread panic due to the nature of the message displayed to passengers when they logged into the Wi-Fi.

Ultimately, this incident serves as an important reminder of the significant risk posed by third-party suppliers and why it is vital that this element of cybersecurity is not overlooked." Eley said

Standard   |   Independent   |   BBC   |   Guardian   |    Sky  |   Mail

Image: @networkrail

You Might Also Read: 

Attack On Transport For London Exposed Passenger Bank Details:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Will Hezbollah Launch Cyber Attacks On Israel?
The Key Issues For SME Cyber Security [extract] »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

Cross Identity

Cross Identity

Cross Identity (formerly Ilantus Technologies) is a complete IAM solution that is deep, comprehensive, and can be implemented even by non-IT persons.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

Netsecurity AS

Netsecurity AS

Netsecurity is a Norwegian owned company focused and specialised within IT security and cybersecurity-as-a service.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

GELLIFY

GELLIFY

GELLIFY is the first innovation platform dedicated to the high-tech B2B market, supporting start-ups and companies.

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group, Ltd. (STIGroup) is an innovative firm that provides CyberSecurity consulting, secure IT engineering, managed security services, and human capital solutions.

CyberSafe

CyberSafe

CyberSafe is a Portuguese company with a focus on cybersecurity solutions and services including network security, managed security, incident response and forensic analysis.

UST

UST

UST is a global provider of digital technology and transformation, IT services and solutions including managed security services.

RNTrust

RNTrust

RNTrust provide solutions to meet today’s digital challenges utilizing digital technologies and services to make you more secured in digitally connected environment.

Regtank Technology

Regtank Technology

Regtank is a one-stop compliance solution for fintechs, navigating compliance, security and risk management.

Secjur

Secjur

Secjur is a provider of AI-based compliance tools that aim to put compliance, data protection, information security and whistleblowing on autopilot.

Defimoon

Defimoon

DeFimoon is the International Blockchain Development & Security Agency. We provide professional services and solutions at the highest quality on world-leading chains.

Security Solutions Services (S-3)

Security Solutions Services (S-3)

S-3 specialize in crafting tailored network design, security hardware, software, and storage solutions for businesses of all sizes.