Eurostar resets customer passwords after hack attack

Image source, Eurostar

Eurostar has reset its customers' login passwords after detecting attempts to break into an unspecified number of accounts.

The rail service said it had notified those whose accounts had been targeted.

Other passengers will be told they have been blocked the next time they try to log in and will be asked to reset their details.

The firm declined to say whether any of the hack attacks were successful but said payment details were not affected.

"We believe this to be an unauthorised automated attempt to access customer accounts," a spokesman told the BBC.

Credit cards 'not compromised'

"As a result, we blocked access and asked customers to reset their passwords as a precautionary measure.

"We deliberately never store any bank card information, so there is no possibility of compromise to credit card or payment details."

The firm said the attacks had taken place between 15 and 19 October and involved a "small number" of internet protocol (IP) addresses.

It is not disclosing whether their origin has been traced.

Customers who previously asked why their passwords had been reset had been told it was the result of "maintenance" to the firm's website.

The BBC is not responsible for the content of external sites.View original tweet on Twitter

The Information Commissioner's Office said it had been made aware of the incident.

"We've received a data breach report from Eurostar and are making enquiries," said a spokeswoman.

Image source, Eurostar

Under the General Data Protection Regulation (GDPR) - which came into force in May organisations must let regulators know about serious personal data breaches involving EU citizens within 72 hours of becoming aware of them or face a fine, even if they do not yet have all the details.

In recent weeks, a number of airlines have revealed they have also been targeted by hackers.

It is not clear whether any of this activity is linked.

More on this story