
Rail Europe North America discloses breach of e-commerce IT platform

U.S. residents who purchased European train tickets through Rail Europe North America (RENA) may be affected by a nearly three-month compromise of the IT platform behind its e-commerce websites that started late last year.

In an April 30 breach notification submitted to the California Attorney General's Office (officially posted on May 8), the ticket distributor reports that unauthorized individuals had access to the platform from Nov. 29, 2017 to Feb. 16, 2018.

Impacted information may have included names, genders, delivery and invoice addresses, telephone numbers, email addresses, payment card data, and in some cases the usernames and passwords of customers with personal accounts. The company notes that there is no evidence at this time that information has been misused.

RENA said that upon learning of the intrusion via a February 16 bank inquiry, it immediately severed the internet connection of all compromised servers, and began engaging with infosec experts, investigators and payment card companies. The company is also offering affected companies ID theft services for 12 months.

“RENA replaced and rebuilt all compromised systems from known safe code, any potentially untrusted components were removed, passwords were changed on all systems and applications, certificates were renewed, and security controls were hardened,” RENA states in its disclosure form.

Based on RENA's accounting of the event, several experts remarked that the attack may have resulted from the attackers infecting Rail Europe's website front-end with malware.

"Data breaches typically occur when a hacker gains unauthorized access to a database. In this case, however, the hackers were able to affect the front end of the Rail Europe website with skimming malware, meaning customers gave payment and other information directly to the hackers through the website," said Paul Bischoff, privacy advocate with a consumer tech site. "This also means all or nearly all of customers' payment information was current and working, making it even more valuable."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
