Eurostar Resets All Customer Passwords After ‘Attempted’ Hack

Eurostar has reset all customers’ online passwords after detecting an “attempted” hack, the rail company confirmed.

The incident follows major breaches at several airlines.

Eurostar customers reported receiving emails from Eurostar earlier this week notifying them of the reset and attributing it to an “automated attempt” to access Eurostar accounts using email addresses and passwords.

The company hasn’t confirmed whether the attempted hack was successful or how many users may have been affected.

‘Precaution’

The hacking campaign was carried out from 15 to 19 October, Eurostar said, adding that it has notified the Information Commissioner’s Office (ICO).

Eurostar had previously informed users that the password reset was due to “maintenance” carried out on the Eurostar website.

“We’ve since carried out an investigation which shows that your account was logged into between the 15 and 19 October,” Eurostar said in the customer email. “If you didn’t log in during this period, there’s a possibility your account was accessed by this unauthorised attempt.”

Customers were told to look for signs of “unusual” activity in their accounts and to reset their credentials on other sites where they have reused their Eurostar passwords.

Eurostar told Silicon UK it had carried out the rest as a “precaution”, adding that no payment data was affected.

“We deliberately never store any payment details or bank card information, so there is no possibility of those being compromised,” the company said.

Airlines hacked

The ICO said it was looking into the matter.

“We’ve received a data breach report from Eurostar and are making enquiries,” the ICO stated.

The new GDPR data protection rules require firms to report breaches that involve EU citizens to the regulator within 72 hours, even if they do not yet have full details.

The incident follows breaches involving several airlines over the past few weeks, including Cathay Pacific and Air Canada.

British Airways recently said it had uncovered two distinct attacks, one involving 380,000 transactions made over its website and the other resulting in the theft of payment card data from 185,000 people.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Amazon Workers In North Carolina Reject Unionisation

Workers at Amazon warehouse near Raleigh vote against joining union, as company continues to challenge…

1 hour ago

China President Xi Meets With Top Tech Leaders

High-profile meeting with tech leaders seen as signal China is boosting tech sector after years…

2 hours ago

South Korea To Buy 10,000 GPUs For National AI Hub

South Korea hopes to gain leg up in international AI race with infusion of private…

2 hours ago

BYD, Geely, Great Wall Add DeepSeek AI To EVs

Chinese electric vehicle giants rush to incorporate DeepSeek AI tech to cars after it creates…

3 hours ago

South Korea Suspends DeepSeek From App Stores

South Korean data authority suspends Chinese AI start-up DeepSeek from Apple, Google app stores while…

3 hours ago

Google Puts ‘Profits Over Privacy’ With Tracking Change

Privacy advocates criticise Google over decision to allow companies to track users via digital fingerprints,…

4 hours ago