Passengers have been unable to purchase train tickets online and at ticket machines since Wednesday following an attack on the websites belonging to Swedish rail operator SJ.
It remains unknown who is responsible for the attack and SJ’s press officer said it’s too early to determine the extent of the damage, but added that there was no risk that passengers have lost any money.
“We’re working intensively with our suppliers to solve this. But right now, we don’t have any prognosis,” Thelma Henrysson, spokeswoman at SJ, told the TT news agency.
People who have bought tickets but are unable to collect them because of the attack will still be allowed to ride trains, and those who have not managed to buy tickets can purchase them on board without extra cost.
It remains unclear exactly what kind of attack is being carried out on SJ, although elements mirror a DDOS attack that hit public transit service Skånetrafiken in southern Sweden earlier this week.
A DDOS attack is where a website is bombarded with communication requests so that the servers become overloaded and the site crashes.
Lars-Göran Emanuelson, an expert at the Swedish Civil Contingencies Agency (Myndigheten för samhällsskydd och beredskap, MSB), said such attacks are “not uncommon”, and that the goals of the attackers can vary.
“I could only speculate about the reason behind this specific attack. But it’s usually based on some kind of displeasure,” he said, adding that it’s hard to stay protected from such attacks.
“The bombardment in cases such as this are so high that the server can’t manage and shuts itself down.”