An employee of a technology company in London has been arrested after Scotland’s busiest rail stations were hit by a UK-wide hack of passenger Wi-Fi systems.

The unnamed man was arrested after 19 stations operated by Network Rail – including Glasgow Central and Edinburgh Waverley – were hit by a hack on Wednesday evening.

The incident began with passengers logging onto station Wi-Fi and seeing messages about terror attacks across Europe.

The Manchester Evening News initially reported they saw a webpage containing details of terrorist incidents in the UK and abroad.

British Transport Police later confirmed Islamophobic messaging had appeared on the landing page of the Wi-Fi log-in screen.

Wi-Fi services were suspended by the rail operator whilst Telent – an IT services contractor – investigated the incident, which affected all but one of the stations operated by Network Rail. Global Reach Technology is a subcontractor delivering Wi-Fi services, as part of a contract issued by Network Rail four years ago. Sources at Telent described the hack as an “act of cyber vandalism.”

A British Transport Police spokesperson said: “A man has been arrested following a British Transport Police investigation into the abuse of access to some Network Rail Wi-Fi services yesterday [Wednesday].

“The man is an employee of Global Reach Technology who provide some Wi-Fi services to Network Rail. He has been arrested on suspicion of offences under the Computer Misuse Act 1990 and offences under the Malicious Communications Act 1988.

The investigation was being led by BTP but the force also said it was ‘linked in’ with the National Cyber Security Centre.

A Network Rail spokesman said: “Last night the public wifi Network Rail’s managed stations was subjected to a cybersecurity incident and was quickly taken off-line. The incident is subject to a full investigation.

“The wifi is provided by a third party, is self-contained and is a simple ‘click & connect’ service that doesn’t collect any personal data. Once our final security checks have been completed we anticipate the service will be restored by the weekend.”

Ten stations in London were affected by the hack. They were: Euston, Victoria, King’s Cross, London Bridge, Cannon Street, Charing Cross, Liverpool Street, Paddington, Clapham Junction and Waterloo. 

Other stations targeted by the hack include Manchester Piccadilly, Birmingham New Street, Glasgow Central, Leeds City, Liverpool Lime Street, Bristol Temple Meads, Edinburgh Waverley, Reading, Guildford.

Network Rail also manages the operations at London St Pancras International, but that station was not listed among those affected. Telent won the contract to deliver free Wi-Fi for passengers starting in Spring 2020. The WiFi service offered ‘single sign-on’, automatically connecting passengers to WiFi in all of Network Rail’s 20 managed stations.

Delivery partner Global Reach Technology, which has offices in London and Los Angeles, was also involved in the project.

A spokesperson for Telent, headquartered in Warwick, said: “Following the incident affecting the public Wi-Fi at Network Rail’s managed stations, Telent have been working with Network Rail and other stakeholders.

“Through investigations with Global Reach, the provider of the Wi-Fi landing page, it has been identified that an unauthorised change was made to the Network Rail landing page from a legitimate Global Reach administrator account and the matter is now subject to criminal investigations by the British Transport Police.

“No personal data has been affected. As a precaution, Telent temporarily suspended all use of Global Reach services while verifying that no other Telent customers were impacted.”