Cyber Incident Victim: c2c
Date:
Mar 2022
Location:
United Kingdom
Summary
A cyberattack targeted the parent company of a train operator in south Essex, disrupting ticket office sales and prompting passengers to use online platforms, ticket vending machines, or mobile apps for purchases. The incident caused prolonged station office closures, with the operator confirming technical difficulties and ongoing efforts to restore normal operations. Customers experienced inconvenience purchasing tickets, though alternative channels remained functional. The company apologized for disruptions and assured support via station staff and digital solutions while collaborating with suppliers to resolve the attack's impact.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 26, 2022, c2c train services operating in south Essex experienced a cyberattack targeting their station ticket office systems. The attack rendered ticket offices unable to process sales, forcing immediate closures across stations serving routes through Southend, Basildon, Thurrock, and other areas. Passengers attempting to purchase tickets at physical offices were redirected to alternative methods, including online platforms, the c2c mobile app, ticket vending machines, and Smartcard systems, which remained operational. c2c confirmed the incident originated from a cyberattack against parent company Trenitalia c2c, though technical specifics of the attack vector or perpetrator were not disclosed. The disruption persisted for multiple days, with no immediate resolution timeline provided by the operator.
Trenitalia c2c’s response included public advisories urging customers to use unaffected digital channels while collaborating with suppliers to restore ticket office functionality. Station staff remained available for customer assistance despite the office closures, and the company emphasized the availability of free Smartcards via their website as a contingency. No data breaches or compromises beyond the ticketing system outage were referenced in official statements. c2c issued formal apologies for the inconvenience, acknowledging the impact on passengers who relied on in-person ticket purchases. The incident exclusively affected station office ticket sales, with no reported disruptions to train operations, scheduling, or digital ticket validation systems during the attack’s duration.