The self-ticketing terminals at Northern Railway were hit by a ransomware cyberattack, and the system has been offline while regulators investigate the issue, the BBC and other news outlets reported on Tuesday (July 20).
The breach follows the £17 million May installation of 621 touch-screen terminals that were installed at 420 rail stations.
Coupled with its supplier Flowbird, the government-run operator indicated that no sensitive data — including customer payment information — were exposed. Government officials are working with Flowbird to mitigate the situation.
“This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyberattack,” the railway said, per BBC.
Flowbird spotted the issue via its cyber monitoring systems, and said that it implemented its “major incident procedure” to safeguard the network. “… our checks have shown there has been no compromise to any personal data,” said a spokesperson.
Customers were told to use digital avenues to purchase advance tickets, which can be picked up at ticket offices. “We are working to restore normal operation to our ticket machines as soon as possible,” the railway said, per BBC.
“Customers who have already bought tickets to be collected at a machine, or who would normally use ‘promise to pay’ slips, should board their booked service and either speak to the conductor or to Northern staff at their destination station,” according to Northern.
Northern, which had been run by Arriva Rail North, was taken over by the British government in 2020 following a number of issues related to service delays and cancellations, the BBC reported.
Ransomware attacks are now a top priority for the British government, according to the National Cyber Security Centre (NSCS). Since the agency was first launched five years ago, it has dealt with more than 2,000 “significant” incidents and eradicated some 700,000 online scams last year.