Rail Europe North America discloses breach of e-commerce IT platform

U.S. residents who purchased European train tickets through Rail Europe North America (RENA) may be affected by a nearly three-month breach of the IT platform behind its e-commerce websites that started late last year.

In an April 30 breach notification submitted to the California Attorney General's Office (officially posted on May 8), the ticket distributor reports that unauthorized individuals had access to the platform from Nov. 29, 2017 to Feb. 16, 2018.

Impacted information may have included names, genders, delivery and invoice addresses, telephone numbers, email addresses, payment card data, and in some cases the usernames and passwords of customers with personal accounts. The company notes that there is no evidence at this time that information has been misused.

RENA said that upon learning of the intrusion via a February 16 bank inquiry, it immediately severed the internet connection of all compromised servers, and began engaging with infosec experts, investigators and payment card companies. The company is also offering affected companies ID theft services for 12 months.

“RENA replaced and rebuilt all compromised systems from known safe code, any potentially untrusted components were removed, passwords were changed on all systems and applications, certificates were renewed, and security controls were hardened,” RENA states in its disclosure form.

Based on RENA's accounting of the event, several experts remarked that the attack may have resulted from the attackers infecting Rail Europe's website front-end with malware.

"Data breaches typically occur when a hacker gains unauthorized access to a database. In this case, however, the hackers were able to affect the front end of the Rail Europe website with skimming malware, meaning customers gave payment and other information directly to the hackers through the website," said Paul Bischoff, privacy advocate with consumer tech site Comparitech.com. "This also means all or nearly all of customers' payment information was current and working, making it even more valuable."