UK-based Network Rail has confirmed that the personal details of commuters using free Wi-Fi at railway stations were exposed online.

According to the BBC, the exposed data includes email addresses and travel histories of around 10,000 people. Internet service provider C3UK has also admitted the leak.

Affected stations include Harlow Mill, Chelmsford, Burnham, Norwich and London Bridge among others.

The confirmation comes after security researcher Jeremiah Fowler found the database containing traveller data on unsecured Amazon web services storage.

The database contained 146 million records and was not password protected. It also included details about the type of software used by connected devices.

Subsequently, C3UK secured the exposed database.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The internet service provider was quoted as saying: “To the best of our knowledge, this database was only accessed by ourselves and the security firm and no information was made publicly available.”

According to the BBC report, C3UK chose not to inform data regulator Information Commissioner’s Office (ICO) after learning about the leak, as it identified the incident as a ‘low-risk potential vulnerability’.

However, experts believe that the exposed travellers can become a victim of phishing attacks, malware attacks and spamming.

CybSafe CEO Oz Alashe said: “C3UK is just the latest in a long line of organisations that have suffered a data leak as a result of incorrect database configurations.

“In the case of C3UK, the compromised information appears to be limited to email addresses and travel details only.

“Nevertheless, such information could still be leveraged for phishing attacks and targeted spear-phishing attacks.”