Customers’ payment card details were skimmed

Train travellers in Europe may have had their bank accounts compromised, after a popular ticket purchasing site announced a data breach to its online services that went undetected for three months.

Rail Europe North America Inc (RENA) – an e-commerce site connecting European train companies – informed its customers at the end of April that a security incident on its transaction platform had occurred between November 29, 2017, and February 16, 2018.

The company explained that it was first alerted to the incident by one of its banks on February 16, and immediately disconnected all servers where access may have been granted to unauthorized persons.

It said: “RENA replaced and rebuilt all compromised systems from known safe code, any potentially untrusted components were removed, passwords were changed on all systems and applications, certificates were renewed, and security controls were hardened.”

The number of affected customers has not been disclosed, but an enormous amount of personal data could have been stolen.

“Name, gender, delivery address, invoicing address, telephone number, email address, credit/debit card number, expiration date and CVV of customers,” said RENA.

“And, in some cases, username and password of registered users who created personal accounts on a RENA website.”

RENA has offered identity theft protection to its customers and have encouraged those who used its services during the allocated time to get in contact with ID Experts.

Details regarding how the cyber-attack occurred is unknown, although some experts have claimed malware on the website was able to lift customer credit card information – a technique called skimming.

In 2016 self-proclaimed malware hunter Willem de Groot found that online skimming had risen 69% since the previous year – 5,900 e-commerce sites compromised, typically through some unpatched software.

RENA said that it was working with security professionals to help with the investigation.