Hackers access Rail Europe databases – the biggest distributor of train tickets and passes on the continent – has been the victim of a data breach that went undetected for nearly three months.
The hack, which saw large volumes of personal data disclosed, first became apparent in February this year when Rail Europe was informed of a potential issue by one of its banks. Though the company immediately disconnected all affected servers, it soon transpired that the hack actually dated all the way back to November.
Following the discovery after hackers access Rail Europe databases, Rail Europe notified its customers that a large amount of personal and potentially identifiable data may have been disclosed. This included customers’ full names, genders, delivery addresses, invoice addresses, telephone numbers, email addresses and credit/debit card details (everything from card numbers to expiry dates and CVV codes). Furthermore, it appears usernames and passwords for certain accounts were also disclosed, putting all other accounts at risk where a user has logged in with the same details.
It has not yet been discovered how hackers managed to breach Rail Europe’s infrastructure – with analysts unable to find any immediately apparent fatal flaws. This has led some to believe that the breach could have come from hackers accessing the login details of a Rail Europe IT worker – one with sufficient rights to access the servers. This could also go some way to explaining why they went undetected for so long.
If this proves to be the case, it illustrates why businesses need to do more to protect consumer data than just technological measures. They also need to ensure that staff are fully trained and know the dangers that carelessness could put on the business. With potential fines (not to mention negative PR) for such data breaches reaching into the millions, employee carelessness could put companies out of business altogether.
Anyone with concerns over their own security credentials is advised to ‘think like a hacker’. Only then can defences fully and robustly be tested against exactly the kind of attack that could already be lying in wait.
For further information regarding how to minimise your risk of a data breach, please get in touch with us on 01293 871971 or email us at enquiries@m2computing.co.uk.