Eurostar has reset its customers’ login passwords after detecting attempts to break into an unspecified number of accounts.
The rail service said it had notified those whose accounts had been targeted.
Other passengers will be told they have been blocked the next time they try to log in and will be asked to reset their details.
The firm declined to say whether any of the hack attacks were successful but said payment details were not affected.
“We believe this to be an unauthorised automated attempt to access customer accounts,” a spokesman told the BBC.
Credit cards ‘not compromised’
“As a result, we blocked access and asked customers to reset their passwords as a precautionary measure.
“We deliberately never store any bank card information, so there is no possibility of compromise to credit card or payment details.”
The firm said the attacks had taken place between 15 and 19 October and involved a “small number” of internet protocol (IP) addresses.
It is not disclosing whether their origin has been traced.
Customers who previously asked why their passwords had been reset had been told it was the result of “maintenance” to the firm’s website.
Hi. Recently we have performed maintanence on the Eurostar website and have requested that our customers reset their passwords. Sorry for any inconvenience.
— Eurostar (@Eurostar) October 23, 2018
The Information Commissioner’s Office said it had been made aware of the incident.
“We’ve received a data breach report from Eurostar and are making enquiries,” said a spokeswoman.
Under the General Data Protection Regulation (GDPR) – which came into force in May organisations must let regulators know about serious personal data breaches involving EU citizens within 72 hours of becoming aware of them or face a fine, even if they do not yet have all the details.
In recent weeks, a number of airlines have revealed they have also been targeted by hackers.
- Cathay Pacific said personal data belonging to up to 9.4 million passengers had been accessed
- British Airways said it had discovered two attacks, one involving 380,000 transactions made via its website, the other affecting more than 185,000 people whose payment card details had been stolen
- Air Canada confirmed that 20,000 of its customer accounts might have been breached
It is not clear whether any of this activity is linked.