Cyber Incident Victim: Rail Europe North America

Date: Nov 2017

Location: United States of America

Summary

A North American rail ticket booking service experienced a three-month security breach involving credit card-skimming malware on its website, compromising payment card details including numbers, expiration dates, and verification codes alongside personal information such as names, addresses, contact details, and in some cases account credentials. The company responded by replacing compromised systems with verified secure code, resetting passwords, and renewing security certificates, though the intrusion method remained unspecified. While the exact number of affected customers was undisclosed, the service reported over five million users during the prior year.

Description

Rail Europe North America experienced a data breach involving unauthorized access to its online booking systems between late November 2017 and mid-February 2018. Attackers deployed credit card-skimming malware on the company's website, compromising payment card details and personal information of customers who purchased European train tickets during this three-month period. The breach was disclosed through a notification letter filed with the California attorney general's office in 2018, though the exact discovery date remains unspecified in public reporting. Stolen data included complete payment card information such as card numbers, expiration dates, and verification codes, along with customers' names, genders, delivery/invoicing addresses, phone numbers, and email addresses. Some compromised accounts also contained usernames and passwords used for the Rail Europe platform. The company acknowledged that this combination of stolen data provided sufficient elements for fraudulent transactions.

Rail Europe responded by replacing and rebuilding compromised systems using verified safe code, though the initial attack vector remained undisclosed. The company implemented password resets for affected accounts and renewed security certificates following the breach containment. While California breach notification laws required disclosure for incidents affecting more than 500 state residents, Rail Europe declined to specify the total number of impacted customers when questioned, stating only that their platform served over five million customers in 2017. The incident exposed payment card data alongside sufficient personal identifiers to enable financial fraud, though no specific fraud cases were directly attributed to the breach in available reports. System restoration efforts focused on eliminating the card-skimming malware without public discussion of additional security enhancements beyond infrastructure replacement and credential rotation.
