Incident Report – Ticket Offices; Inability to Sell Tickets
Post Test Update
Over the last week, malicious action targeted at one of the suppliers to our ticketing system has meant c2c station ticket offices have been unable to sell tickets. Other channels have remained operational, such as ticket machines, the website and app, but we appreciate some of our customers rely on the station ticket office and we would like to apologise for the inconvenience. As of Wednesday 30 March, our ticket offices are open and selling tickets to customers.
If you usually purchase your ticket from our station ticket office, and had to purchase an alternative, higher priced ticket from the ticket machine or online during the closure of the ticket offices, you may be due a refund for the difference.
On Wednesday 23 March, we were informed by the third-party supplier who provides the technology behind our ticket office system, that malicious action had occurred and as a result ticket office machines would be unavailable. Staff handheld devices and the back-office system used by our customer relations team were also affected.
While the malicious action was targeted at our suppliers, the impact was felt by c2c, our parent organisation Trenitalia and others across Europe.
The c2c and Trenitalia teams have been working together to resolve the issue. While getting back to normal took longer than hoped, it was important that cyber security specialists were able to thoroughly assess the threat and create a safe and effective solution. This process was complex and took time to conclude.
Our ticketing system was not directly affected by the malicious action, only the server that manages the login was. This action made it impossible for staff to access ticket offices, mobile devices and back-office applications due to the fact that our ticket offices require staff to login to the devices to perform their activities, using their corporate account. This is why the mobile app, website and ticket vending machines were not affected.
We can confirm customer data has not been compromised. The impact of the malicious action was restricted to the log-in part of our station ticket offices, and not the operating system itself.
What was the impact, and what did we do about it?
We were unable to sell tickets from station ticket offices. While alternative channels were still able to sell tickets, a knock-on impact was that our ticket vending machines were busier than usual, especially during peak hours.
We put a notice on the homepage of our website to communicate to customers that they would be unable to purchase tickets from the station ticket office. Our advice was that customers should purchase in advance (if possible) online, using the app, or using the ticket machines.
This message was refreshed and shared several times a day via our social media channels. Our social media team also shared videos on ‘how to register a smartcard’ and ‘how to load tickets onto a smartcard’, so first-time users had access to basic information to get them started.
Additionally, c2c’s parent organisation, Trenitalia, issued a statement on 26 March, which was reported on by local media outlets.
When our ticket offices were unable to sell tickets our ticket office staff assisted customers who needed help with the ticket machines and provided c2c smartcards to customers who did not have one.
A c2c smartcard is free and can be requested from the c2c website and when combined with the smartphone app, is a powerful tool for buying tickets and avoiding queues.
The issue with our ticket offices did not impact on the running of our trains. However, if you were unable to purchase your usual ticket from the ticket office and needed to purchase an alternative, higher priced ticket, using a ticket machine or online, you may be entitled to a refund for the difference.
You will need your ticket and/ or a receipt, and you should contact the customer relations team firstname.lastname@example.org to explain your situation.