A British rail operator has reset more than a million customer accounts after discovering hackers had successfully breached a small percentage of them.
Great Western Railway (GWR) is urging their customers to reset their passwords immediately after confirming that it was a target of a cyber-attack. The train operator confirmed this by saying that they have identified a series of automated attempts to access 1,000 customer accounts on their website, out of which more than one million people who have GWR accounts have already been notified before broader email was distributed.
GWR operates from London to areas around Bristol, Plymouth, Exeter, Penzance and Worcester. The business is part of the transport operator FirstGroup.
GWR assured customers that password changes were a "precaution”.
They said that its customers’ payment card details were protected by encryption and thus no financial information has been compromised in this cyber-attack.
A Great Western Spokesman said that “We have identified unauthorized automated attempts to access a small number of GWR.com accounts over the past week.” He further added saying, “While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.”
The security staff believes that the attacker “harvested” the private details “elsewhere” instead of hacking into the systems to collect customer data. The company says that the cyber-criminals got ahold of the account details from other parts of the web and tried to catch and attack customers who have poor password habits.
"This kind of attack uses account details harvested from other areas of the web to try and catch out consumers with poor password habits. Sadly, it is the kind of attack that is experienced on a daily basis by businesses across the globe, and is a reminder of the importance of good password practice," the company said.
Great Western Railway (GWR) is urging their customers to reset their passwords immediately after confirming that it was a target of a cyber-attack. The train operator confirmed this by saying that they have identified a series of automated attempts to access 1,000 customer accounts on their website, out of which more than one million people who have GWR accounts have already been notified before broader email was distributed.
GWR operates from London to areas around Bristol, Plymouth, Exeter, Penzance and Worcester. The business is part of the transport operator FirstGroup.
GWR assured customers that password changes were a "precaution”.
They said that its customers’ payment card details were protected by encryption and thus no financial information has been compromised in this cyber-attack.
A Great Western Spokesman said that “We have identified unauthorized automated attempts to access a small number of GWR.com accounts over the past week.” He further added saying, “While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.”
The security staff believes that the attacker “harvested” the private details “elsewhere” instead of hacking into the systems to collect customer data. The company says that the cyber-criminals got ahold of the account details from other parts of the web and tried to catch and attack customers who have poor password habits.
"This kind of attack uses account details harvested from other areas of the web to try and catch out consumers with poor password habits. Sadly, it is the kind of attack that is experienced on a daily basis by businesses across the globe, and is a reminder of the importance of good password practice," the company said.