Eurostar makes customers reset passwords after suffering data breach
The company said usernames and passwords were stolen, but not payment information
All Eurostar customers have been directed to reset their passwords after a massive data breach potentially affecting all of its customers.
However, the company was quick to tell anyone who had used the company's online booking service or its website that their payment details were not compromised because the firm doesn't store that information online.
Eurostar said it was a victim of criminal activity that resulted in the theft of data including user emails and passwords between 15 and 19 October. The company sent an email to customers on Tuesday warning them of the hack and instructing them to keep an eye on their accounts for any unusual activity.
"We have taken this action as a precaution because we identified what we believe to be an unauthorised automated attempt to access eurostar.com accounts using your email address and password," the company told customers in the email. "We've since carried out an investigation which shows that your account was logged into between the 15 and 19 October. If you didn't log in during this period, there's a possibility your account was accessed by this unauthorised attempt."
Eurostar also advised the Information Commissioner's Office (IOC) about the breach as soon as it became aware of the issue, as per the new GDPR guidelines. The organisation said it has received Eurostar's report and was investigating into the breach, as per protocol.
"This email was sent after we identified what we believe to be an unauthorised automated attempt to access customer accounts, so as a precaution, we asked all account holders to reset their password," a Eurostar spokesperson said." We deliberately never store any payment details or bank card information, so there is no possibility of those being compromised."