Eurostar data breach: what happened and are you affected?

Eurostar has been forced to reset the passwords of some customers’ online accounts after becoming the latest company to be hit by hackers.

A spokesperson for the cross-Channel rail service told the BBC that an “unauthorised automated attempt to access customer accounts” occurred between 15 and 19 October.

Once the hack was identified, the company “blocked access and asked customers to reset their passwords as a precautionary measure”, the spokesperson added.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

It also claims that no credit card details were exposed during the attack, as Eurostar “deliberately” never stores card information.

However, Alphr says the company has yet to confirm “whether any data has actually been taken” and how many customers were affected.

Eurostar alerted the Information Commissioner’s Office (ICO), an independent body that handles data protection enquiries, after the breach was discovered “as required by law”, according to the tech site.

The ICO has confirmed that it has received a “breach report from Eurostar and are making enquiries”.

Are you affected?

Given that Eurostar has not disclosed any specific details about the hack, it’s difficult to pinpoint whether any customers have been affected by the breach.

One Twitter user, though, has posted an email they received from Eurostar to explain why it reset customer passwords.

The company wrote: “We’ve since carried out an investigation which shows that your account was logged into between the 15 and 19 October. If you didn’t log in during this period, there’s a possibility your account was accessed by this unauthorised attempt.”

Eurostar says customers concerned about their data should contact its customer support email with the subject line “account password change”.

Has this happened before?

Yes, there have been a series of high-profile attacks on travel companies in the past two months alone.

The first arose in early September when British Airways revealed that personal details and card information regarding almost 200,000 of its customers were accessed between 21 August and 5 September.

The information was taken from around 380,000 online transactions and has been dubbed by experts as “one of the biggest breaches of consumer data the UK had ever seen”, The Daily Telegraph reports.

Meanwhile, Hong Kong’s flag carrier Cathay Pacific announced last week that the personal details of 9.4 million customers had been compromised during an attack in May.