Prevention and preparedness of risks in railway transportation systems is crucial for homeland security and require, among other things, a proper analysis of the vulnerabilities of the assets, a clear awareness of criticalities, possible countermeasures and adequate methods to design, scale and optimize the protection. To this end, in this paper we present an analysis of various security incidents and terrorist attacks that took place from 1972 to 2011; all involving railway infrastructures. All of the collected information has been stored in a database, aptly named RISTAD (Railway Infrastructure Systems Terrorist Attacks Database). Specifically, this research focuses on railway assets in order to identify those environmental, architectonic and infrastructural aspects that make such targets more “attractive” from a criminal point of view. We analyzed about 540 criminal-related episodes utilizing open source documents in an effort to correlate the acts with the peculiar characteristics of the asset. The last section is specifically focused on stations, attempting to emphasize both interesting and, for some aspects, non-intuitive correlation among collected data (e.g., lethality and number of attacks as a function of the number of tracks, the number of daily passengers, station extension, presence and type of security systems, etc.).