Part of the British Transport Police’s (BTP) website has been hacked, the force has confirmed.
BTP said it was made aware of “a threat to the newsroom section” of its website – hosted by an external supplier.
The main page was unaffected but clicks on the “latest news” link are directed to a Tumblr blog run by the force.
Checks carried out by BTP, the National Cyber Security Centre and the National Crime Agency found “a small number” of staff details were leaked.
A force spokesman said: “This system has no affiliation with the Force’s crime management or command and control systems and has not compromised the Force’s operational capabilities.
“All the relevant authorities have been notified of this incident.”
An investigation is being carried out by the BTP, National Crime Agency and the National Cyber Security Centre.