Cyber attacks hit 19 railway stations including London Euston

by · Mail Online

Nineteen major railway stations across Britain including ten in London have been hit by a major cyber attack impacting wi-fi systems for passengers.

Network Rail confirmed London Euston, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street and Glasgow Central were among those impacted.

British Transport Police has launched an investigation after travellers logging into the wi-fi at stations have reported seeing a message about terror attacks in Europe.

Wi-fi at the affected stations is controlled by a third-party provider called Telent, and MailOnline understands other organisations have also been impacted by the attack.

The wifi webpage after the hack said 'We love you, Europe' and contained information about terror attacks, according to the Manchester Evening News.

The attack has been compared to the BBC's new drama Nightsleeper which features a sleeper train travelling from Glasgow to London which is hacked and hijacked. 

London Euston is among the 19 railway stations impacted by the cyber attack (file picture)
The wifi webpage after the hack said 'We love you, Europe' and contained information about terror attacks, which has been obscured by MailOnline in the above image
Network Rail confirmed Manchester Piccadilly is among the affected train stations (file photo)
Another of the stations impacted by the cyber attack today is London King's Cross (file image)

The wi-fi is still down this morning at the stations, which also include Bristol Temple Meads, Edinburgh Waverley, Leeds, Guildford and Reading.

Full list of all Network Rail stations impacted by cyber attack

  • Birmingham New Street
  • Bristol Temple Meads
  • Clapham Junction
  • Edinburgh Waverley
  • Glasgow Central
  • Guildford
  • Leeds City
  • Liverpool Lime Street
  • London Bridge
  • London Cannon Street
  • London Charing Cross
  • London Euston
  • London King's Cross
  • London Liverpool Street
  • London Paddington
  • London Victoria
  • London Waterloo
  • Manchester Piccadilly
  • Reading

The ten London stations affected are Cannon Street, Charing Cross, Clapham Junction, Euston, King's Cross, Liverpool Street, London Bridge, Paddington, Victoria and Waterloo.

A Network Rail spokeswoman told MailOnline: 'We are currently dealing with a cyber security incident affecting the public Wi-Fi at Network Rail's managed stations.

'This service is provided via a third party and has been suspended while an investigation is underway.'

Network Rail manages 20 stations across the network, with London St Pancras the only one that has not been affected by the attack.

And a British Transport Police spokesman said: 'We are aware of a cyber-attack that affected some Network Rail wi-fi services, reported to us at around 5.03pm on September 25. 

'We are working with Network Rail to investigate the incident.'

A spokeswoman for Telent said: 'We are aware of the cyber security incident affecting the public Wi-Fi at Network Rail's managed stations and are investigating with Network Rail and other stakeholders. 

'We have been informed there is an ongoing investigation by the British Transport Police into this incident, so it would not be appropriate to comment further at this stage.'

It comes after a separate cyber security incident was launched on Transport for London (TfL) on September 1, which saw some customer data accessed.

The cyber attack has been compared to the BBC's new drama Nightsleeper, starring Joe Cole
Nightsleeper features a train travelling from Glasgow to London which is hacked and hijacked

A 17-year-old boy has been arrested in Walsall on suspicion of Computer Misuse Act offences in relation to the TfL attack.

TfL has been investigating the incident alongside the NCA and said some customer names and contact details had been compromised.

Some Oyster card refund data may also have been accessed in the cyber attack which could include bank account details.

TfL said this could include bank account numbers and sort codes for about 5,000 customers, and it has directly contacted these people with guidance.

Meanwhile the Football League has issued an alert to clubs following a series of cyber attacks which have seen breaches at both Bristol City and Sheffield Wednesday in recent weeks.

Hackers are thought to be targeting many of the league’s bigger clubs, hunting for the personal data of season ticket holders and those on email lists.

Should they be successful, that information, which can include passwords, is often sold on to a variety of buyers which are thought to include organised crime networks who can then attempt to use the data to carry out a variety of scams.

A further cyber attack back in June led to more than 10,000 NHS appointments being cancelled after pathology services provider Synnovis was targeted.

The hackers were thought to have obtained confidential medical information and blood test results of more than 100,000 patients.

Last month, they were ordered by a High Court judge to 'unmask' themselves and return or delete the stolen data.

And in July, Microsoft suffered a service outage which affected some of its apps and features which was sparked by an attempted cyber attack on its Azure cloud platform.