Railway WiFi Security Breach

Data of more than 10,000 travellers were exposed online following railway wi-fi security breach.

07:00 03 March 2020

Network Rail and wi-fi provider C3UK have confirmed a security breach that saw the data of more than 10,000 travellers exposed online. The database, found online by a security researcher, contained 146 million records, including personal contact details and dates of birth.

 

C3UK said: "To the best of our knowledge, this database was only accessed by ourselves and the security firm and no information was made publicly available,"

 

"Given the database did not contain any passwords or other critical data such as financial information, this was identified as a low-risk potential vulnerability."

The databased had also revealed software updates and the type of software used by devices connected to the wi-fi.

 

Researcher Jeremiah Fowler, from Security Discovery, said: "That can provide a secondary pathway for [the installation of] malware,"

 

The ICO confirmed that it had not been notified.

 

"When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected and to consider whether there are steps that can be taken to protect them from any potential adverse effects," it said.