I got the decision notice from the Information Comissioner about this today

LNER commented that there has already been a real world case in Germany where fraudsters used publicly available eTicket specifications (similar to ERA B.12) and a stolen single signing key to create fake but valid tickets. It said the fraudsters’ barcodes passed all checks because the information they needed to make an apparently valid but fraudulent ticket was public.

They used my own work against me