Criminals used malware to infiltrate Rail Europe North America's (RENA) website and steal payment card information, causing a security breach that has been reported to customers.
According to the data breach notification, hackers gained access to the personal data of registered users, which included their name, gender, phone number, email address, delivery address, billing address, credit/debit card number, expiration date, and CVV. In certain instances, they also obtained the username and password.
In addition to removing any possibly suspicious components, RENA replaced and rebuilt all compromised systems using known safe code. IT personnel updated security measures, reissued digital certificates, and changed passwords on all systems and applications.
"Note to our credit/debit card processors and credit card brands has also been sent by RENA," the notification reads.
Source: https://securityaffairs.com/72558/data-breach/rail-europe-north-america-hack.html
TPRM report: https://scoringcyber.rankiteo.com/company/raileurope
"id": "rai354251223",
"linkid": "raileurope",
"type": "Breach",
"date": "05/2018",
"severity": "50",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Travel',
                        'location': 'North America',
                        'name': 'Rail Europe North America (RENA)',
                        'type': 'Company'}],
 'attack_vector': 'Malware',
 'data_breach': {'personally_identifiable_information': ['Name',
                                                         'Gender',
                                                         'Phone number',
                                                         'Email address',
                                                         'Delivery address',
                                                         'Billing address'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Payment Information']},
 'description': 'Criminals used malware to infiltrate Rail Europe North '
                "America's (RENA) website and steal payment card information, "
                'causing a security breach that has been reported to '
                'customers.',
 'impact': {'data_compromised': ['Name',
                                 'Gender',
                                 'Phone number',
                                 'Email address',
                                 'Delivery address',
                                 'Billing address',
                                 'Credit/debit card number',
                                 'Expiration date',
                                 'CVV',
                                 'Username',
                                 'Password']},
 'motivation': 'Financial Gain',
 'response': {'communication_strategy': 'Notified customers and credit/debit '
                                        'card processors and credit card '
                                        'brands',
              'containment_measures': ['Removed possibly suspicious components',
                                       'Replaced and rebuilt all compromised '
                                       'systems using known safe code'],
              'remediation_measures': ['Updated security measures',
                                       'Reissued digital certificates',
                                       'Changed passwords on all systems and '
                                       'applications']},
 'threat_actor': 'Criminals',
 'title': 'Rail Europe North America Data Breach',
 'type': 'Data Breach'}