EXCLUSIVE: Network Rail, the government-owned rail infrastructure firm, received some 7.1 million malicious emails between December 2025 and March this year, the new statistics highlight
Network Rail was hit with more than seven million cyber attacks in three months, data shows.
The government-owned rail infrastructure firm received some 7.1 million malicious emails between December 2025 and March this year.
The figure, obtained under Freedom of Information laws, comes days after two teen members of hacking group Scattered Spider were were in court for crippling Transport for London’s IT system.
Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty to cyber offences in 2024, which caused months of disruption and cost the operator £39million. But Network Rail managed to block the more recent, unrelated emails, including 37,000 phishing threats. This is when hackers send messages with links to bugged sites.
Just one email bypassing defences can be extremely damaging. In September 2024, an attack on Network Rail’s public wi-fi led to customers fearing a terror attack was imminent, including at Manchester Piccadilly.
Last night, experts warned attacks are on the rise and urged public bodies to tighten security. Simon Edwards of cyber security firm SE Labs said: “The recent news that members of cybercrime group Scattered Spider pleaded guilty to the 2024 TFL cyber attack serves as a stark reminder that our most critical infrastructure operations are a highly vulnerable target to cyber gangs.
“With so many people in the UK depending on public transport for their daily lives, a successful cyber attack could cause significant disruption, such as potentially stopping people from getting to work. Therefore, it’s vital that our public sector organisations have a dedicated cyber strategy put in place and ensure rigorous testing to identify any security holes and keep hackers at bay.”
Scattered Spider has been linked to dozens of other cyber-attacks including on Marks and Spencer and the Co-op. Hackers typically target firms to make money, steal valuable secrets or cause political disruption.
Network Rail was approached for comment.
