Network Rail Targeted by Massive Cyber Attack Campaign
Network Rail, the government-owned rail infrastructure firm, was hit with over seven million cyber attacks in just three months, newly released data reveals. The staggering figure, obtained under Freedom of Information laws, shows that between December 2025 and March 2026, the company received approximately 7.1 million malicious emails.
Among these were 37,000 phishing threats, where hackers send deceptive messages containing links to compromised websites. Despite the high volume, Network Rail successfully blocked the emails, preventing any direct breaches.
Context of Rising Cyber Threats
The revelation comes shortly after two teenage members of the hacking group Scattered Spider appeared in court for crippling Transport for London’s (TfL) IT system. Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty to cyber offences in 2024, causing months of disruption and costing TfL £39 million. Scattered Spider has also been linked to attacks on Marks & Spencer and the Co-op, highlighting the group’s broad targeting of UK infrastructure and retail.
Potential Consequences of a Single Breach
Experts warn that even one successful email bypass could be catastrophic. In September 2024, a cyber attack on Network Rail’s public Wi-Fi at Manchester Piccadilly led to passengers fearing an imminent terror attack. Simon Edwards, from cyber security firm SE Labs, commented: “The recent news that members of cybercrime group Scattered Spider pleaded guilty to the 2024 TfL cyber attack serves as a stark reminder that our most critical infrastructure operations are a highly vulnerable target to cyber gangs.”
Edwards added: “With so many people in the UK depending on public transport for their daily lives, a successful cyber attack could cause significant disruption, such as potentially stopping people from getting to work. Therefore, it’s vital that our public sector organisations have a dedicated cyber strategy put in place and ensure rigorous testing to identify any security holes and keep hackers at bay.”
Motives Behind the Attacks
Hackers typically target firms to make money, steal valuable secrets, or cause political disruption. Network Rail, as a critical infrastructure provider, remains a high-profile target. The company was approached for comment but did not respond.
