Cyber Incidents Affecting Railways - A Threat to Customer Data

Railways and transportation organizations usually tend to store huge customer databases due to the high frequency of daily transactions. By targeting such organizations, hackers could grab a large chunk of customer data, as is evident from attacks on Stadler and several other railway companies.

Railways at risk of cyber attacks

Major railways across the US, Europe, and Asia have been hit with cyber attacks in recent times.
  • In May 2020, the IT networks of the Swiss manufacturer of railway rolling stock, Stadler, was targeted in a malware attack to steal information. This data leak could mean the theft of sensitive data of customers or employees.
  • In March 2020, Network Rail and the service provider, C3UK, confirmed that their database, that contained 146 million records, including personal contact details and dates of birth, was exposed online. It included email addresses and travel details of about 10,000 people who used the free wifi at UK railway stations named Harlow Mill, Chelmsford, Colchester, Wickford, Waltham Cross, Norwich, and London Bridge.
  • In January 2019, the official online booking platform of the China Railways (CR) suffered a massive data breach. The cybercriminals stole the personal information of nearly 5 million people which included names, ID numbers, and passwords.

Additional threats to the railway systems

These days, all major railway networks use internet-connected computer systems to monitor and manage the physical machinery of railways operation. These operational technologies (OT), as well as the third-party vendors operating them, may also introduce several risks of exposure of data.

  • In January 2020, Mitsubishi Electric Corporation was targeted in a massive cyberattack. The attack compromised documents related to projects with private firms, including utilities and railway operators.
  • According to a Cyberbit report, a large number of railway systems such as signaling system, train systems, and communication systems, Station Building Management systems such as smart building management systems, CCTV, etc., and the Infrastructure systems such as HVAC, oil repositories, mechanical systems, SCADA systems, etc. do pose a serious challenge to the railway networks and data stored in them.

How to stay safe

Users should always use public Wi-Fi with caution. They should not access personal bank accounts, or sensitive personal data, on unsecured public networks. Use encryption software that scrambles information sent or shared over the internet. Install trusted anti-virus software, anti-spyware software, and a firewall.