The Train left the station, and users credit card information arrived in hacker’s hands.
The site of Rail Europe is one of the most popular for non-European tourists to purchase tickets for European trains. I have used the site several times myself in the not to distant past. The report states that between November 2017 and February 2018 the site was under attack with malware that was skimming information.
The company that operates the site confirmed that user credit card information was stolen, including expiration dates and security numbers (3 digits on the back of the card). With this information, attackers will easily be able to make purchases using the stolen information. That wasn’t the only information stolen, hackers also gleaned name, gender, delivery and invoicing addresses, phone numbers, email addresses, usernames and passwords. If you used a credit card through the Rail Europe site during this time frame, you should check your account activity for fraudulent charges.
The breach was announced in a letter filed with the California attorney general. According to California state law, it is necessary to report a beach that affects more than 500 state residents. Rail Europe said they did not know how many users were affected. That they still do not know how the plot occurred on the site, although they state they have rebuilt vulnerable portions of the site.
If your password on the site is identical to the password on other sites, we recommend changing it as soon as possible.