Eurostar data breach: what happened and are you affected?
Cross-Channel rail operator is the latest travel firm to be hacked
Eurostar has been forced to reset the passwords of some customers’ online accounts after becoming the latest company to be hit by hackers.
A spokesperson for the cross-Channel rail service told the BBC that an “unauthorised automated attempt to access customer accounts” occurred between 15 and 19 October.
Once the hack was identified, the company “blocked access and asked customers to reset their passwords as a precautionary measure”, the spokesperson added.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
It also claims that no credit card details were exposed during the attack, as Eurostar “deliberately” never stores card information.
However, Alphr says the company has yet to confirm “whether any data has actually been taken” and how many customers were affected.
Eurostar alerted the Information Commissioner’s Office (ICO), an independent body that handles data protection enquiries, after the breach was discovered “as required by law”, according to the tech site.
The ICO has confirmed that it has received a “breach report from Eurostar and are making enquiries”.
Are you affected?
Given that Eurostar has not disclosed any specific details about the hack, it’s difficult to pinpoint whether any customers have been affected by the breach.
One Twitter user, though, has posted an email they received from Eurostar to explain why it reset customer passwords.
The company wrote: “We’ve since carried out an investigation which shows that your account was logged into between the 15 and 19 October. If you didn’t log in during this period, there’s a possibility your account was accessed by this unauthorised attempt.”
Eurostar says customers concerned about their data should contact its customer support email with the subject line “account password change”.
Has this happened before?
Yes, there have been a series of high-profile attacks on travel companies in the past two months alone.
The first arose in early September when British Airways revealed that personal details and card information regarding almost 200,000 of its customers were accessed between 21 August and 5 September.
The information was taken from around 380,000 online transactions and has been dubbed by experts as “one of the biggest breaches of consumer data the UK had ever seen”, The Daily Telegraph reports.
Meanwhile, Hong Kong’s flag carrier Cathay Pacific announced last week that the personal details of 9.4 million customers had been compromised during an attack in May.
Create an account with the same email registered to your subscription to unlock access.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Today's political cartoons - April 27, 2024
Cartoons Saturday's cartoons - natural gas, fundraising with Ted Cruz, and more
By The Week US Published
-
Aid to Ukraine: too little, too late?
Talking Point House of Representatives finally 'met the moment' but some say it came too late
By The Week UK Published
-
5 generously funny cartoons on the $60 billion foreign aid package
Cartoons Artists take on Republican opposition, aid to Ukraine, and more
By The Week US Published
-
Data breaches increased in 2023 and with them, internet security concerns
The Explainer One report found a 78% year-to-year increase in breaches from 2022 to 2023
By Justin Klawans, The Week US Published
-
Cyberflashing, fake news and the new crimes in the Online Safety Act
The Explainer UK's first conviction demonstrates scope of controversial law that critics describe as a threat to privacy and free speech
By Harriet Marsden, The Week UK Last updated
-
Russian hackers allegedly breach US government agencies in cyberattack
Speed Read
By Theara Coleman Published
-
Clop gang: Russian hackers issue ‘dark web ultimatum’ to BBC, Boots and BA
Under the Radar Affected companies urged to install security patches and not pay cyber criminals behind hack
By Rebekah Evans Published
-
Catfishing: what the law says
feature Campaigners are calling for online deception to become a specific criminal offence
By The Week Staff Published
-
What is ‘sextortion’ and why are cases on the rise?
In Depth Police issue warning over criminal extortion using threat of sharing sexual images
By The Week Staff Published
-
FBI email server hacked; attackers pin blame on cybersecurity consultant
Speed Read
By Grayson Quay Published
-
John Oliver urges you to take ransomware seriously with 1 terrifying example
Speed Read
By Peter Weber Published