Hundreds of Rail Ticket Machines in Northern England Still Offline Due to A Cyberattack

Northern train arriving in train station in the UK. Hundreds of rail ticket machines in Northern England still offline due to a cyberattack

621 self-service rail ticket machines in more than 420 stations across Northern England are still offline following a suspected ransomware attack. According to Northern Train, a publicly owned train operator, the perpetrators did not compromise customer or payment data.

Brand-New Machines Malfunctioning

Last week, Northern Trains, the government-owned train operating company in the UK, started experiencing problems with their touch screen rail ticket vending machines. Ironically, the machines are brand-new. Northern installed the machines only two months ago as part of their “A Better Way to Go” campaign.

Initially, Northern Trains announced that it would install 600 new machines in a bid to make purchasing fares faster and easier for its customers, particularly at unstaffed stations. The rail operator invested £17 million ($23 million) in the scheme. In total, Flowbird, a third-party vendor, installed 621 modern touch-screen ticket vending machines at 420 locations.

At first, it wasn’t clear what was happening. On Northern’s Twitter page, messages from travelers started coming in on 14 July. The incidents, however, seemed isolated. As a “temporary” measure, Northern asked people who already bought a ticket to request a refund or try to collect their ticket from another station.

Thrown off the Train

A couple of days later the problems seemed to persist. “Sorry for the hassle here. Our technical team are working hard to get the issue rectified. All our colleagues are aware of this problem. If you are unable to use the app to purchase tickets our conductors will be able to sell tickets on board”, Northern replied to one disgruntled customer.

Apparently, some conductors were unaware of the technical issues. On 18 July, a customer posted: “Ticket man on train intent on ejecting us from train. ‘I decide who gets on this train. Get off and get your tickets out of the machine.’ Explained machine not working. He threw us off the train. Wouldn’t accept the email showing purchase with bank card details. Awful.”

This happened despite an earlier post from Northern stating “If you have already purchased your ticket and selected ‘collect from station’, you can collect from ticket offices at any Northern station. If there is no ticket office at your station, you can board your train with proof of purchase.”

Suspected Ransomware Attack

A week following the start of the technical difficulties, Flowbird, the third-party supplier of the train ticket vending machines, revealed that there were indications that they had been hit with a ransomware attack. The incident seemed to be limited to the servers operating the machines. According to Northern rain, customer and payment data has not been compromised.

The investigation is ongoing. At the moment, it is unclear who is behind the attack or what the cybercriminals are attempting to achieve. Neither Northern nor Flowbird gave any details about a ransom demand either. In a statement on their website, Northern Trains simply said that they were experiencing technical difficulties with their self-service ticket machines. And that they have taken all machines offline.

In the meantime, customers can either use Northern’s mobile app or website to purchase tickets and collect those tickets from one of their manned ticket offices. Customers who would normally use ‘promise to pay’ slips, can board their booked service and speak to the conductor. Or to Northern staff at their destination station.

IT communication specialist
Sandra has many years of experience in the IT and tech sector as a communication specialist. She's also been co-director of a company specializing in IT, editorial services and communications project management. For she follows relevant cybercrime and online privacy developments. She rigorously tests the quality of VPN services using's dedicated VPN testing protocol that has been finetuned and optimized over the years.