Credit card-skimming malware has been used to steal card details on a rail ticket website.
It has been reported that Rail Europe, a site used primarily by Americans to buy train tickets in Europe, was attacked with credit card-skimming malware between November 2017 and mid-February 2018.
Mark James, ESET IT Security Specialist, comments on the news and suggests how those affected could mitigate the damage.
“This is one of those horror stories that could affect the finances of all who used this particular site.
“The information gathered is easily enough to make purchases online without the end user being present or indeed aware.
“The type of information stolen was ‘credit card numbers, expiration dates, card verification codes along with name, gender, delivery and invoicing addresses, phone numbers, email addresses, and in some cases usernames and passwords of customers on the website.’
“A whole treasure trove of information that could leave a huge number of users with financial worries if and when it falls into the wrong hands, so what can you do about the breach?
“Technically nothing, but of course you can do some things to mitigate the damage caused: change any passwords that you used on this site, check your credit and financial statements from any bank you use looking for anything that is out of the ordinary no matter the size of the transaction.
“If you do see anything contact your bank ASAP and let them know about the transaction and the reasoning for the concern and cancel any cards affected.
“There’s a good chance you won’t actually lose any money but it’s the inconvenience that causes the most problems.
“For those on a tight budget it may well cause stress worrying about paying bills while new cards arrive and any stolen funds are returned.
“It’s always a worry when we are involved in any kind of data breach but even worse when this amount of information goes public.”
Have you been affected by this breach? Let us know on Twitter @ESETUK.