Great Western Railway (GWR) is urging their customers to reset their passwords immediately after confirming that it was a target of a cyber-attack. The train operator confirmed this by saying that they have identified a series of automated attempts to access “a small percentage” of customer accounts on their website.
GWR claims that around 1000 accounts were accessed and they have started notifying their customers. They further added saying that no financial information has been compromised in this cyber-attack.
A Great Western Spokesman said that, “We have identified unauthorized automated attempts to access a small number of GWR.com accounts over the past week.” He further added saying, “While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.”
The security staff believes that the attacker “harvested” the private details “elsewhere” instead of hacking in to the systems to collect customer data. The company says that the cyber-criminals got ahold of the account details from other parts of the web and tried to catch and attack customers who have poor password habits.
GWR has been assuring their customers that their bank card details are not compromised as they stored no usable bank information on their servers; saying that, “Our security systems mean that financial information is encrypted to the high standards customers would expect, and no unencrypted bank card information is stored in GWR.com accounts. We are contacting other GWR.com account holders to let them know what’s happened and encourage them to check, and change their passwords.”
The firm believes that the information that the hackers received for the automated attack has come from details in the other recent cyber-attacks and has started to urge their customers to strengthen their password security. The company believes that this kind of an attack is experienced on a daily basis all around the globe and it reminds people of how important a good password practice is.
GWR further claims saying that they have acted quickly and decisively by taking help from their partners to protect their customer’s data and stop such an attack from happening again.
Rashmi Knowles, a cyber-security expert was impressed with Great Western Railways response and added saying that consumers should use the incident as a motivation to focus on improving their own security. She added saying that, “It is good to see Great Western Railway taking a proactive approach to helping customers stay safe online by flagging that some accounts have been accessed, even though GWR itself has not been hacked.”
She even assessed this cyber-attack by saying that, “In the wake of large data breaches, we often see large caches of credentials go on sale on the dark web. Hackers know that consumers use the same passwords for multiple accounts, and that these credentials will open doors into emails, banks, or in this case railway accounts – I would suspect that is what is happening here, and that GWR accounts have been accessed by people trying their luck with stolen credentials.”
Knowles claims that it is important to practice good cyber hygiene an if your account has been attacked or compromised that you must update your accounts immediately.
Source: Sky News