Eurostar resets customer passwords after hack attack

  • Published
Eurostar trainImage source, Eurostar

Eurostar has reset its customers' login passwords after detecting attempts to break into an unspecified number of accounts.

The rail service said it had notified those whose accounts had been targeted.

Other passengers will be told they have been blocked the next time they try to log in and will be asked to reset their details.

The firm declined to say whether any of the hack attacks were successful but said payment details were not affected.

"We believe this to be an unauthorised automated attempt to access customer accounts," a spokesman told the BBC.

Credit cards 'not compromised'

"As a result, we blocked access and asked customers to reset their passwords as a precautionary measure.

"We deliberately never store any bank card information, so there is no possibility of compromise to credit card or payment details."

The firm said the attacks had taken place between 15 and 19 October and involved a "small number" of internet protocol (IP) addresses.

It is not disclosing whether their origin has been traced.

Customers who previously asked why their passwords had been reset had been told it was the result of "maintenance" to the firm's website.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Eurostar

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Eurostar

The Information Commissioner's Office said it had been made aware of the incident.

"We've received a data breach report from Eurostar and are making enquiries," said a spokeswoman.

Image source, Eurostar

Under the General Data Protection Regulation (GDPR) - which came into force in May organisations must let regulators know about serious personal data breaches involving EU citizens within 72 hours of becoming aware of them or face a fine, even if they do not yet have all the details.

In recent weeks, a number of airlines have revealed they have also been targeted by hackers.

It is not clear whether any of this activity is linked.