Rail Europe Notifies Riders of Three-Month Data Breach

Rail Europe North America (RENA), a website Americans use to buy European train tickets, has confirmed a three-month data breach in which customers’ payment card data was compromised. RENA reports the incident began on November 29, 2017 and continued through February 16, 2018, when a bank inquiry informed the organization of an attack. Attackers lifted RENA’s data with credit card-skimming malware placed on its website, a particularly concerning aspect of the incident, says Comparitech privacy advocate Paul Bischoff.

In most data breaches, cybercriminals gain unauthorized access to a corporate database. “In this case, however, the hackers were able to affect the front end of the Rail Europe website with ‘skimming’ malware, meaning customers gave payment and other information directly to the hackers through the website,” he explains.

Read more about the Rail Europe North America data breach on DarkReading.

Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free seven day trial.

Sign Up For Free Trial of The Daily Threat Brief