An individual has been arrested on suspicion of involvement in the recent hack of UK railway stations, which led to offensive messages being displayed to passengers trying to access public Wi-Fi.

The British Transport Police (BTP) disclosed that the suspect is an employee of Global Reach Technology, a company that provides Wi-Fi services to Network Rail. The individual is believed to have engaged in “abuse of access” to some of Network Rail’s Wi-Fi services.

He has been arrested on suspicion of offenses under the Computer Misuse Act 1990 and the Malicious Communications Act 1988.

Further details about the suspect have not been shared by the authorities.

Defacement References a Tragic Past Incident

The incident occurred around 5.00pm BST on Wednesday, September 25, affecting several major UK train stations managed by Network Rail, such as London Euston, Manchester Piccadilly, and Liverpool Lime Street.

Passengers trying to connect to Network Rail’s Wi-Fi were redirected to a webpage displaying offensive content related to a previous terror attack in the UK.

Telecommunications company Telent, responsible for operating the affected Wi-Fi system, explained that the breach was the result of an unauthorized modification to the landing page utilizing a legitimate administrator account.

Network Rail promptly suspended its Wi-Fi services at all its stations nationwide to resolve the issue.

The BTP clarified that the abuse of access was limited to the defacement of the Wi-Fi splash pages, and there is no indication that personal data was compromised.

Normal Wi-Fi services at the stations are anticipated to resume by the upcoming weekend.

This incident follows a recent cyber-attack on Transport for London (TfL) in early September 2024.

In a recent update on the breach, TfL informed that it has contacted approximately 5000 customers whose personal information was accessed by the hackers, which included some individuals’ bank account details.

The National Crime Agency (NCA) arrested a 17-year-old male on September 5 on suspicion of Computer Misuse Act offenses related to the TfL attack.