Unencrypted web form and travel delays anger UK c2c rail commuters

Train travel via rail operator c2c in south-east England has recently become more of an annoyance for already angry commuters. Not only has c2c managed increase delays with a new schedule but a new compensation form on its website has become the cause of basic security issues.

According to The Register, the unencrypted form that was initially used requested private information of c2c rail commuters. Names addresses, phone numbers, c2c Smartcard Numbers and travel details were collected, however no personal financial information was gathered from the website. Additionally, the email addresses of over 500 people were disclosed as the company failed to use the BCC field in a recent bulk email.

c2c said, “Our standard practice is to encrypt our web forms, and all previous similar schemes have been fully encrypted. In this instance the form was loaded to the wrong server in error, but it was replaced with an encrypted version after a few hours, once we became aware of the issue.”

A spokesman for c2c said that the company apologised immediately to all concerned about its error. All affected will be advised on the company's next steps once the investigation is completed.

Major changes to the schedules were instituted in December 2015 due to a 15 percent increase in passengers in the last five years. Thus, the rail lines became overcrowded and delays drove commuters to backlash c2c via social media and form a protest at Fenchurch Street Station in London, which was attended by Southend West MP David Amess.

“The line had a reputation as being the misery line. I cannot believe that I supported c2c in the renegotiation of the new 15-year franchise and then in the space of five weeks this first class service has been absolutely ruined as a result of these timetable changes,” Amess stated.