After British Airways and Cathay Pacific, European rail service, Eurostar, has joined the legion of transportation companies that have become a victim of a cyber-attack.
The breach into its systems to access user accounts occurred between October 15 and 19, 2018, and was detected by the company. The company immediately notified the customers stating that it had identified multiple attempts to access eurostar.com accounts using users’ email addresses and passwords and instructed customers to immediately reset their login credentials and passwords.
On the bright side, there are hardly any chances that credit card details and payment information of users were compromised as payment details are not stored online by the company. Even though the company is still uncertain about the magnitude of the attack surface or even the fact that if any data has been stolen. The company also reported the incident to the Information Commissioner’s Office (ICO) as required by law.
“We have taken this action as a precaution because we identified what we believe to be an unauthorised automated attempt to access eurostar.com accounts using your email address and password,” the company told customers. “We’ve since carried out an investigation which shows that your account was logged into between the 15 and 19 October. If you didn’t log in during this period, there’s a possibility your account was accessed by this unauthorised attempt.”
The company has still not revealed if they have found the origin of the attack. Earlier, when the company rolled out emails to customers to reset passwords, the company told the customers that it was due to “maintenance” to the firm’s website.
“This email was sent after we identified what we believe to be an unauthorised automated attempt to access customer accounts, so as a precaution, we asked all account holders to reset their password,” explained a Eurostar spokesperson. “We deliberately never store any payment details or bank card information, so there is no possibility of those being compromised”.