The company said hackers put credit card-skimming malware on its website between late-November 2017 and mid-February 2018, according to an announcement filled in by the company with the California attorney general. It’s not known how many customers are affected. California data breach law mandates that any breach affecting more than 500 state residents has to publicly list the breach notification with the state attorney general’s office.
The company said credit card numbers, expiration dates, and card verification codes were stolen -- everything needed by a fraudster to carry out unauthorized purchases. Moreover, the criminals also stole name, gender, delivery and invoicing addresses, phone numbers, email addresses, and in some cases usernames and passwords of customers on the website.
Users are advised to change their passwords. If the same username and password set is used on any other site, they should be changed, too. Rail Europe said it “replaced and rebuilt” compromised systems from known-to-be safe code, the online publication adds.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now