Rail Europe North America (RENA), a website Americans use to buy European train tickets, has confirmed a three-month data breach in which customers’ payment card data was compromised. RENA reports the incident began on November 29, 2017 and continued through February 16, 2018, when a bank inquiry informed the organization of an attack. Attackers lifted RENA’s data with credit card-skimming malware placed on its website, a particularly concerning aspect of the incident, says Comparitech privacy advocate Paul Bischoff.
In most data breaches, cybercriminals gain unauthorized access to a corporate database. “In this case, however, the hackers were able to affect the front end of the Rail Europe website with ‘skimming’ malware, meaning customers gave payment and other information directly to the hackers through the website,” he explains.
Read more about the Rail Europe North America data breach on DarkReading.