The email addresses and the travel details of about 10,000 people who used the free Wi-Fi at NR’s stations have been exposed online. The data base that was found online by a security researcher, contained 146 million records, including personal contact details and dates of birth, this was also not password protected and could be accessed easily by someone of the public.
C3UK told the BBC “Given the database did not contain any passwords or other critical data such as financial information, this was identified as a low-risk potential vulnerability."
C3UK have said that they have not informed the ICO as they do not believe that any data had been stolen or accessed by any other party.
The ICO had confirmed this to the BBC and said “When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected and to consider whether there are steps that can be taken to protect them from any potential adverse effects,"