Northern rail's new self-service ticket machines have been targeted by a suspected ransomware cyber-attack.
The system has been offline since last week and an investigation is under way.
It comes just two months after 621 of the touch-screen units were installed at 420 stations across the north of England at a cost of £17m.
The government-run operator said it had taken "swift action" along with its supplier, Flowbird, and customer and payment data had not been compromised.
Only the servers which operate the ticket machines have been affected, Northern said.
"This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyber-attack," it confirmed.
Flowbird said the problem was first identified through cyber monitoring systems.
"We immediately instigated our major incident procedure in order to protect other parts of the network and our checks have shown there has been no compromise to any personal data," a spokesperson said.
Northern's website said there had been a fault with the self-service ticket machines and it had been experiencing "technical difficulties".
Customers have been advised to use either its app or website to buy tickets in advance, and they can be collected from one of its ticket offices.
Northern apologised for "any inconvenience" caused.
"We are working to restore normal operation to our ticket machines as soon as possible," it added.
"Customers who have already bought tickets to be collected at a machine, or who would normally use 'promise to pay' slips, should board their booked service and either speak to the conductor or to Northern staff at their destination station."
Northern, which was previously operated by Arriva Rail North, was taken over by the government last year after a series of problems including a timetable change which led to delays and cancellations to services.