Following a recent attempt by hackers to access an unspecified number of accounts, Eurostar has reset its customers’ login passwords.
The rail service said it had notified those whose accounts had been targeted. But the move still caused some inconvenience for customers who were caught unaware.
Other passengers will be told they have been blocked the next time they try to log in and will be asked to reset their details, it said.
Eurostar has also said payment details were not affected but haven’t yet confirmed if the attempted breach was successful in some of the accounts.
‘We believe this to be an unauthorised automated attempt to access customer accounts,’ a spokesman revealed.
Credit cards ‘not compromised’
‘As a result, we blocked access and asked customers to reset their passwords as a precautionary measure.
‘We deliberately never store any bank card information, so there is no possibility of compromise to credit card or payment details.’
The firm said the attacks had taken place between 15 and 19 October and involved a ‘small number’ of internet protocol (IP) addresses.
It is not disclosing whether their origin has been traced.
Customers who previously asked why their passwords had been reset had been told it was the result of ‘maintenance’ to the firm’s website.
— Melinda Hughes (@melhugsopera) October 28, 2018
The Information Commissioner’s Office said it had been made aware of the incident, in line with the General Data Protection Regulation (GDPR) – which came into force in May this year. It mandates organisations to report any serious personal data breaches to regulators within 72 hours of it becoming aware of them or face a fine, even if they do not have all the details.
‘We’ve received a data breach report from Eurostar and are making enquiries,’ said a spokeswoman.
In recent weeks, a number of airlines have revealed they have also been targeted by hackers.
Cathay Pacific said personal data belonging to up to 9.4 million passengers had been accessed
British Airways said it had discovered two attacks, one involving 380,000 transactions made via its website, the other affecting more than 185,000 people whose payment card details had been stolen
Air Canada confirmed that 20,000 of its customer accounts might have been breached
It is not clear whether any of this activity is linked.