Network Rail leaked data of free Wi-Fi users

News
By published

Thousands of free Wi-Fi users at UK stations may have had online data breached

(Image credit: Shutterstock.com / LDprod)

Thousands of rail travellers across the UK may have had their online browsing habits leaked online, researchers have warned.

Users who signed up to use free Wi-Fi networks at multiple stations have been affected, with Network Rail and service provider C3UK confirming the breach of a database containing around 146 million records.

Around 10,000 users are thought to have been affected by the breach, which could have allowed tracking of an individual's travel habits, along with access to personal information including personal contact details and even date of birth.

Free Wi-Fi breach

The database, which was not password-protected, was discovered online by researcher Jeremiah Fowler from consultancy firm Security Discovery. Found on an unsecured Amazon Web Services storage platform, the database appears to have been created between November 28 2019 and February 12 2020.

The affected stations included major travel hubs such as London Bridge, as well as commuter hot-spots such as Chelmsford, Burnham and Norwich.

Fowler said that his research suggested hackers could search the database via username, allowing them to spot individual travel journeys whenever the Wi-Fi connection was completed.

According to the BBC, Fowler alerted C3UK to the breach as soon as it was discovered, but the company took nearly a week to reply. C3UK said that the exposed database, which it claims was a back-up copy, was secured as soon as it had been drawn to their attention.

"To the best of our knowledge, this database was only accessed by ourselves and the security firm and no information was made publicly available," it said.

"Given the database did not contain any passwords or other critical data such as financial information, this was identified as a low-risk potential vulnerability."

C3UK added that it would not be informing the Information Commissioner's Office (ICO) about the breach as the data had not been stolen or accessed by any other party.

Via: BBC News

Mike Moore
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
More about security
Sam Altman and OpenAI

OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Apple Mac Mini M4

The powerful Apple Mac mini M4 drops to an unbelievably low-price of $499
See more latest
Most Popular
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
The cast of Black Mirror season 7
Everything new on Netflix in April 2025 – including Black Mirror season 7 and Love on the Spectrum
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think