Criminals used malware to infiltrate Rail Europe North America's (RENA) website and steal payment card information, causing a security breach that has been reported to customers.
As to the data breach notification, hackers gained access to the personal data of registered users, which included their name, gender, phone number, email address, delivery address, billing address, credit/debit card number, expiration date, and customer's CVV. In certain instances, they also obtained their username and password.
In addition to removing any possibly suspicious components, RENA replaced and rebuilt all compromised systems using known safe code. IT personnel updated security measures, reissued digital certificates, and changed passwords on all systems and applications.
Note to our credit/debit card processors and credit card brands has also been sent by RENA," the notification reads.
Source: https://securityaffairs.com/72558/data-breach/rail-europe-north-america-hack.html
"id": "RAI354251223",
"linkid": "raileurope",
"type": "Breach",
"date": "05/2018",
"severity": "50",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"