
Cyber Incident Victim: Eurostar

Date: Oct 2018

Location: United Kingdom

Summary

Eurostar reset customer passwords following unauthorized automated attempts to access accounts, targeting a limited number of users over several days. The company notified affected individuals and required others to reset credentials upon next login, initially attributing the action to website maintenance. Payment details were unaffected due to the firm’s policy of not storing financial data. The incident involved a small set of IP addresses, and regulators were informed under data protection laws. This occurred amid broader cyberattacks targeting multiple airlines, though no connection was established between these events.

Description

Eurostar detected unauthorized automated attempts to access customer accounts between 15 and 19 October 2018, prompting a system-wide password reset. The rail service identified activity originating from a small number of IP addresses targeting an unspecified quantity of user accounts. While the company declined to confirm whether any account breaches succeeded, it emphasized that payment card details remained uncompromised due to its policy of never storing financial data. Affected customers received direct notifications about the security incident, while others discovered their accounts blocked upon subsequent login attempts, requiring password resets as a precaution. Eurostar initially attributed the password resets to website maintenance when questioned by customers prior to public disclosure of the incident. The Information Commissioner's Office (ICO) confirmed receiving a GDPR-mandated breach report from Eurostar and initiated enquiries. Under GDPR regulations effective since May 2018, Eurostar faced a 72-hour reporting deadline for breaches involving EU citizens' personal data.

The incident occurred amid heightened cybersecurity concerns across the travel sector, with multiple airlines disclosing breaches during the same period. British Airways reported two separate attacks affecting 380,000 payment transactions and 185,000 stolen payment card records, while Air Canada disclosed potential compromises of 20,000 customer accounts. Cathay Pacific simultaneously revealed a breach impacting millions of passengers. Eurostar's public statement clarified that the attack methodology involved credential-based account access attempts rather than payment system infiltration. The company did not disclose whether investigators traced the originating IP addresses or identified potential threat actors. No operational disruptions to train services occurred as the incident exclusively affected customer web accounts. The password reset process served as the primary containment measure alongside blocking the malicious IP addresses.
