Eurostar has reset its customers’ login passwords after detecting attempts to break into an unspecified number of accounts. The rail service said it had notified those whose accounts had been targeted. Other passengers will be told they have been blocked the next time they try to log in and will be asked to reset their details.
However, the firm declined to say whether any of the hack attacks were successful but said payment details were not affected.
Commenting on how Eurostar can mitigate these hack attacks, how customers can secure their accounts and how the company and its users might be affected is Bill Evans, senior director at One Identity:
It appears Eurostar has done a number of things correctly in ensuring the breadth of attacks of this nature are minimized. Most notably, the company states that it does not store customer bank card information. This means this highly sensitive and valuable information will never be compromised. However, without specific information regarding the details of the threat, which Eurostar are unwilling to release, it’s difficult to determine what else it might do to further mitigate any risks.
To make their accounts more secure, like any organisation, Eurostar would be wise to deploy multi-factor authentication, if it hasn’t already, for both internal accounts and customer accounts. This simple change can prove extremely valuable in limiting the success of any future threat.
It does not appear at this time that Eurostar will face substantial negative feedback. They appear to be complying with the GDPR mandates and the fact that they do not store bank card information will limit the negative impact to its customer base. That being said, the recent ruling against Morrison’s where victims received financial considerations simply for the distress of being breached might be a bad omen for Eurostar. Only time will tell.