Eurostar data breach: what happened and are you affected?
Cross-Channel rail operator is the latest travel firm to be hacked
Eurostar has been forced to reset the passwords of some customers’ online accounts after becoming the latest company to be hit by hackers.
A spokesperson for the cross-Channel rail service told the BBC that an “unauthorised automated attempt to access customer accounts” occurred between 15 and 19 October.
Once the hack was identified, the company “blocked access and asked customers to reset their passwords as a precautionary measure”, the spokesperson added.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
It also claims that no credit card details were exposed during the attack, as Eurostar “deliberately” never stores card information.
However, Alphr says the company has yet to confirm “whether any data has actually been taken” and how many customers were affected.
Eurostar alerted the Information Commissioner’s Office (ICO), an independent body that handles data protection enquiries, after the breach was discovered “as required by law”, according to the tech site.
The ICO has confirmed that it has received a “breach report from Eurostar and are making enquiries”.
Are you affected?
Given that Eurostar has not disclosed any specific details about the hack, it’s difficult to pinpoint whether any customers have been affected by the breach.
One Twitter user, though, has posted an email they received from Eurostar to explain why it reset customer passwords.
The company wrote: “We’ve since carried out an investigation which shows that your account was logged into between the 15 and 19 October. If you didn’t log in during this period, there’s a possibility your account was accessed by this unauthorised attempt.”
Eurostar says customers concerned about their data should contact its customer support email with the subject line “account password change”.
Has this happened before?
Yes, there have been a series of high-profile attacks on travel companies in the past two months alone.
The first arose in early September when British Airways revealed that personal details and card information regarding almost 200,000 of its customers were accessed between 21 August and 5 September.
The information was taken from around 380,000 online transactions and has been dubbed by experts as “one of the biggest breaches of consumer data the UK had ever seen”, The Daily Telegraph reports.
Meanwhile, Hong Kong’s flag carrier Cathay Pacific announced last week that the personal details of 9.4 million customers had been compromised during an attack in May.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Why Bhutan hopes tourists will put a smile back on its face
Under The Radar The 'kingdom of happiness' is facing economic problems and unprecedented emigration
By Chas Newkey-Burden, The Week UK Published
-
7 beautiful towns to visit in Switzerland during the holidays
The Week Recommends Find bliss in these charming Swiss locales that blend the traditional with the modern
By Catherine Garcia, The Week US Published
-
The Week contest: Werewolf bill
Puzzles and Quizzes
By The Week US Published
-
Questions arise over the use of an AI crime-fighting tool
Under the Radar The tool was used in part to send a man to prison for life
By Justin Klawans, The Week US Published
-
Why Captchas are getting harder to solve
Under The Radar If the process continues to get harder, it could cause problems for people trying to book tickets for popular shows
By Chas Newkey-Burden, The Week UK Published
-
Data breaches increased in 2023 and with them, internet security concerns
The Explainer One report found a 78% year-to-year increase in breaches from 2022 to 2023
By Justin Klawans, The Week US Published
-
Cyberflashing, fake news and the new crimes in the Online Safety Act
The Explainer UK's first conviction demonstrates scope of controversial law that critics describe as a threat to privacy and free speech
By Harriet Marsden, The Week UK Last updated
-
Russian hackers allegedly breach US government agencies in cyberattack
Speed Read
By Theara Coleman Published
-
Clop gang: Russian hackers issue ‘dark web ultimatum’ to BBC, Boots and BA
Under the Radar Affected companies urged to install security patches and not pay cyber criminals behind hack
By Rebekah Evans Published
-
Catfishing: what the law says
feature Campaigners are calling for online deception to become a specific criminal offence
By The Week Staff Published
-
What is ‘sextortion’ and why are cases on the rise?
In Depth Police issue warning over criminal extortion using threat of sharing sexual images
By The Week Staff Published