Rail Users Data Exposed Online

We’re all guilty of it. Quickly joining the public WiFi to look on social media, check emails, play games or enjoy our favourite film or tv show whilst killing time at a train station.

However, a recent data breach has resulted in personal information, including email addresses, and dates of birth of approximately 10,000 railway passengers being readily available on the internet. The data was collected at railway stations across the UK.

Researcher, Jeremiah Fowler, from Security Discovery, discovered the database which wasn’t password protected and contained 146million data records on an unsecured Amazon server.

Mr Fowler informed Network Rail and their service provide, C3UK, of the blunder. After being notified, C3UK secured the database.

However, prior to this the BBC saw screenshots pertaining to the information of some of the stations the data was harvested from. These stations included: Harlow Mill, Chelmsford, Colchester, Wickford, Waltham Cross, Norwich and London Bridge.

C3UK issued a statement which said:

“To the best of our knowledge, this database was only accessed by ourselves and the security firm, and no information was made publicly available.

“Given the database did not contain any passwords or other critical data such as financial information, this was identified as a low-risk potential vulnerability.”

Whether this was or wasn’t a low-risk vulnerability it’s a timely reminder of the dangers of logging onto public WiFi. Always ensuring your internet connection is secure will enable you to keep control of your data.