Great Western Railway accounts breached

  • Published
GWR trainImage source, PA
Image caption,

GWR says that its customers' payment card details were protected by encryption

A British rail operator has reset more than a million customer accounts after discovering hackers had successfully breached a small percentage of them.

Great Western Railway said that about 1,000 of its passengers' details had been exposed.

The business - which runs trains between London, Penzance and Worcester - is part of the transport operator FirstGroup.

It said all bank information had been protected by encryption.

"We have identified unauthorised automated attempts to access a small number of GWR.com accounts over the past week," a spokesman told the BBC.

"While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.

"The success rate of the automated logins was extremely low, suggesting any passwords used were likely harvested elsewhere," the company added.

Image source, GWR
Image caption,

Account holders have been sent emails to notify them of the breach

The firm added that the decision to reset all customer accounts had been taken as a precautionary step.

Some recipients of the alert had questioned if it was real, as the email address it had been sent from seemed unusual.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Chicken Dhansak

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Chicken Dhansak

One cyber-security expert said the incident served as a reminder that people should use a different, complex password for each online service they used.

"In the wake of large data breaches, we often see large caches of credentials go on sale on the dark web," commented Rashmi Knowles from RSA Security.

"Hackers know that consumers use the same passwords for multiple accounts, and that these credentials will open doors into emails, banks, or in this case railway accounts.

"I would suspect that is what is happening here, and that GWR accounts have been accessed by people trying their luck with stolen credentials," said Ms Knowles.

Related internet links

The BBC is not responsible for the content of external sites.