Nineteen major railway stations across Britain including ten in London have been hit by a major cyber attack impacting their public wi-fi systems for passengers.
Network Rail confirmed London Euston, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street and Glasgow Central were among those impacted.
British Transport Police launched an investigation after travellers logging into the wi-fi at stations reported seeing a message about terror attacks in Europe.
Wi-fi at the affected stations is controlled by a third-party provider called Telent, and understands other organisations have also been impacted by the attack.
The wi-fi landing page following the hack said ‘We love you, Europe’ and contained information about terror attacks, according to users posting on social media.
The attack has been compared to the BBC’s new drama Nightsleeper which features a sleeper train travelling from Glasgow to London which is hacked and hijacked.
The wi-fi was still down this morning at the stations, which also include Bristol Temple Meads, Edinburgh Waverley, Leeds, Guildford and Reading.
The ten London stations affected were Cannon Street, Charing Cross, Clapham Junction, Euston, King’s Cross, Liverpool Street, London Bridge, Paddington, Victoria and Waterloo.
A Network Rail spokeswoman told : ‘We are currently dealing with a cyber security incident affecting the public wi-fi at Network Rail’s managed stations.
‘This service is provided via a third party and has been suspended while an investigation is underway.’
Network Rail manages 20 stations across the network, with London St Pancras the only one that has not been affected by the attack.
And a British Transport Police spokesman said: ‘We are aware of a cyber-attack that affected some Network Rail wi-fi services, reported to us at around 5.03pm on September 25.
‘We are working with Network Rail to investigate the incident.’
Also today, a spokeswoman for Telent said: ‘We are aware of the cyber security incident affecting the public Wi-Fi at Network Rail’s managed stations and are investigating with Network Rail and other stakeholders.
‘We have been informed there is an ongoing investigation by the British Transport Police into this incident, so it would not be appropriate to comment further at this stage.’
While the cyber attack itself did not appear to be affecting train services today, there was major disruption on Avanti West Coast and TransPennine Express services.
All lines between Lockerbie and Carstairs were blocked after an object got caught in the overhead cables, affecting services between Carlisle, Glasgow and Edinburgh.
Elsewhere, flooding continued to disrupt services between Wanborough and Ash in Surrey – while a tree was blocking the line between Hebden Bridge and Todmorden in West Yorkshire.
It comes after a separate cyber security incident was launched on Transport for London (TfL) on September 1, which saw some customer data accessed.
A 17-year-old boy has been arrested in Walsall on suspicion of Computer Misuse Act offences in relation to the TfL attack.
TfL has been investigating the incident alongside the NCA and said some customer names and contact details had been compromised.
Some Oyster card refund data may also have been accessed in the cyber attack which could include bank account details.
TfL said this could include bank account numbers and sort codes for about 5,000 customers, and it has directly contacted these people with guidance.
Meanwhile the Football League has issued an alert to clubs following a series of cyber attacks which have seen breaches at both Bristol City and Sheffield Wednesday in recent weeks.
Hackers are thought to be targeting many of the league’s bigger clubs, hunting for the personal data of season ticket holders and those on email lists.
Should they be successful, that information, which can include passwords, is often sold on to a variety of buyers which are thought to include organised crime networks who can then attempt to use the data to carry out a variety of scams.
A further cyber attack back in June led to more than 10,000 NHS appointments being cancelled after pathology services provider Synnovis was targeted.
The hackers were thought to have obtained confidential medical information and blood test results of more than 100,000 patients.
Last month, they were ordered by a High Court judge to ‘unmask’ themselves and return or delete the stolen data.
And in July, Microsoft suffered a service outage which affected some of its apps and features which was sparked by an attempted cyber attack.
The US technology firm said problems on its Azure cloud platform had been triggered by a distributed denial-of-service (DDoS) attack, where hackers try to knock a platform offline by flooding it with traffic until it can no longer cope.