Endpoint

5/15/2018
10:10 AM
50%
50%

Rail Europe Notifies Riders of Three-Month Data Breach

Rail Europe North America alerts customers to a security incident in which hackers planted card-skimming malware on its website.

Rail Europe North America (RENA), a website Americans use to buy European train tickets, today confirmed a three-month data breach in which customers' payment card data was compromised. RENA reports the incident began on November 29, 2017 and continued through February 16, 2018, when a bank inquiry informed the organization of an attack.

Attackers lifted RENA's data with credit card-skimming malware placed on its website, a particularly concerning aspect of the incident, says Comparitech privacy advocate Paul Bischoff. In most data breaches, cybercriminals gain unauthorized access to a corporate database.

"In this case, however, the hackers were able to affect the front end of the Rail Europe website with 'skimming' malware, meaning customers gave payment and other information directly to the hackers through the website," he explains. "While the details haven't been fully disclosed, the fact that this went on for three months shows a clear lack of security by Rail Europe."

Skimmers are usually placed on top of hardware so it seems like they are part of the payment portal, he says. This means just about all payment info was current when it was submitted - and the attackers took more than credit card numbers, expirations dates, and verification codes. They also stole name and gender info, delivery and invoicing addresses, email addresses, phone numbers, and in some cases, usernames and passwords.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.