Wifi networks at a number of train stations across the UK have been suspended after a “cybersecurity incident”.
Nineteen stations including London Euston, Manchester Piccadilly and Birmingham New Street had their wifi services suspended on Wednesday night after the incident. They were still down on Thursday.
The Manchester Evening News reported that passengers accessing the wifi at Piccadilly station were directed to a webpage titled “We love you, Europe”, which contained Islamophobic messages and details of several terrorist attacks that have taken place in the UK and in Europe.
A Network Rail spokesperson said: “We are currently dealing with a cybersecurity incident affecting the public wifi at Network Rail’s managed stations. This service is provided via a third party and has been suspended while an investigation is under way.”
A British Transport Police spokesperson said: “We are aware of a cyber-attack that affected some Network Rail wifi services, reported to us at around 5.03pm today [25 September]. We are working with Network Rail to investigate the incident.”
Telent, the company that provides wifi services for Network Rail, said the “unauthorised change” to the wifi landing page had been made from a “legitimate administrator account” and that the matter was now under criminal investigation.
The firm said it was working with Global Reach, the firm that provided the page, to investigate and that none of its other customers, which include Openreach, Transport for London (TfL), National Highways, the Maritime and Coastguard Agency and the NHS Ambulance Radio Programme, had been affected.
“Following the incident affecting the public wifi at Network Rail’s managed stations, Telent have been working with Network Rail and other stakeholders,” Telent said.
“Through investigations with Global Reach … it has been identified that an unauthorised change was made to the Network Rail landing page from a legitimate Global Reach administrator account and the matter is now subject to criminal investigations by the British Transport Police.
“No personal data has been affected. As a precaution, Telent temporarily suspended all use of Global Reach services while verifying that no other Telent customers were impacted.”
Later on Thursday, the BTP said a man who was employed by Global Reach had been arrested under the Computer Misuse Act 1990 and offences under the Malicious Communications Act 1988.
In London, 10 major train stations have been affected: King’s Cross, London Bridge, Euston, Victoria, Cannon Street, Charing Cross, Liverpool Street, Clapham Junction, Waterloo and Paddington.
Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Glasgow Central, Leeds City, Bristol Temple Meads, Edinburgh Waverley, Reading and Guildford stations were also affected.
Earlier this month, TfL was hit by a cyber-attack that potentially breached thousands of customers’ details. While services ran as normal, the company restricted access to live travel data that served travel apps such as Citymapper and TfL Go, and other customer services including those relating to journey history and photocard registration as it dealt with the breach.
The National Crime Agency (NCA) said a 17-year-old boy from Walsall had been detained on suspicion of offences under the Computer Misuse Act 1990 in relation to the attack on TfL’s systems. The teenager was released on bail after questioning by NCA officers.
TfL said it was contacting about 5,000 customers as a precaution to warn that their email and bank account details could have been accessed. It is understood to relate to those who had applied for refunds on journeys made using Oyster cards.
On Monday, TfL said there was no date set for when passenger journey and live travel data would be accessible again. It added: “We can assure customers that once it is available they will be able to see their full journey history and correct any incomplete journeys or maximum fares.”