An “unauthorized attempt” to hack Eurostar systems containing users’ emails, passwords, credit card information and other data has forced the company to reset all passwords.
Eurostar customers began receiving emails confirming the attempted hack, which had attackers target users’ email and passwords between the 15th and 19th of October.
The company insisted that payment details including credit card information was not comprised as a result of keeping those very details offline.
“We have taken this action as a precaution because we identified what we believe to be an unauthorized automated attempt to access eurostar.com accounts using your email address and password,” the company told customers via email.
Notably, the firm declined to say if any of the hacking attempts were successful, according to the BBC.
In contrast to the report, the firm had previously fielded questions from customers asking why their account passwords were reset. In response, the company said in a tweet on October 22 that it was a result of “maintenance” within the firm’s website.
The data breach comes at a time when Europe has implemented the General Data Protection Regulation (GDPR), a safeguard and legislation that mandates organizations in the EU to disclose any breach involving EU citizens. If companies do not inform regulators of serious personal data breaches within 72 hours of learning a breach, they face substantial fines.
A spokesperson for the Information Commissioner’s Office in the UK said the authority had been made aware of the incident.
“We’ve received a data breach report from Eurostar and are making enquiries,” the spokesperson told the BBC.
Image credit: Pixabay.