Reading:
Unsecured servers and databases – rail passenger data accessible online
Share:
rail passenger data accessible online

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Unsecured servers and databases – rail passenger data accessible online

Many data breaches occur not because of sophisticated hacks, but because of failures in cybersecurity defences. In such cases, the blame can primarily fall on the head of the data controller, who may have failed in their duty to protect personal information. For example, a potential data breach arose when a configuration issue in the systems of Network Rail left rail passenger data accessible online.

The error is one many companies cite when a data breach occurs, and one which can be indicative of systematic failings within an organisation. It often only takes one mistake or flaw to make a substantial hole in an organisation’s cybersecurity defences. As good cybersecurity is a key tenet of data protection law, data controllers with weak or faulty cybersecurity can be found in breach of the GDPR. The wider defences are only as good as the weakest link.

Where the GDPR is breached, those affected by the exposure of their information may be eligible to make a compensation claim. At Your Lawyers (T/A The Data Leak Lawyers), we represent data breach victims as a leading data breach claims law firm to fight for the justice that they deserve.

Rail passenger data accessible online – a near miss

In March last year, C3UK – the internet provider for UK railway stations – was made aware of a misconfigured database by a security researcher, an error that left rail passenger data accessible online.

About 10,000 travellers who had made use of free Wi-Fi at railway stations were affected, with the exposed information relating to contact data and dates of birth.

Having secured the database immediately after being notified of the issue, C3UK stated that it had only been accessed by their company and the security researcher, which should mean that the error is of minimal risk. However, if action had not been taken so quickly, the outcome may have been very different.

Leaving rail passenger data accessible online is certainly an invitation to fraudsters and cybercriminals who could abuse such information and cause harm to the victims.

Poor cybersecurity and compensation claims

Making rail passenger data accessible online is no small error when personal privacy is at stake. Similar mistakes have had much more severe repercussions. For example, the Virgin Media data breach occurred when a configuration error left a marketing database accessible online for 10 months, consequently exposing the personal data of 900,000 UK consumers. We are currently representing Virgin Media claimants in our group action.

When a cybersecurity error causes a data breach, companies cannot simply blame the breach on technology, or a select few IT employees. It is the responsibility of the company as a whole to implement rigorous procedures and protective measures to ensure that there are no chinks in the armour.

In cases where the company is found to have breached the GDPR, the victims could be eligible to claim compensation for the distress that they have endured, as well as any financial losses or expenses that the breach may have provoked.

Make your claim today

If you believe that you have been adversely affected by the exposure of your personal data, you may be able to claim data leak compensation under the GDPR.

As leading specialists in data protection law, we know how severe the repercussions can be, which is why we aim to help all data breach victims to access the justice they are entitled to.

Call us today for free, no-obligation advice on your potential claim.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon