The company owned by the FirstGroup transport business runs trains between London, Penzance, and Worcester
Great Western Rail is urging affected customers to change the password used to access the GWR.com portal, it also informed the UK Information Commissioner’s Office.
Attackers used credential stuffing to access the accounts, this means that hackers attempted to access the accounts by using credentials leaked from other data breaches.
The company is now extending the incident response measure to other account holders.
“We have identified unauthorised automated attempts to access a small number of GWR.com accounts over the past week,” a spokesman told the BBC.
“While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.”
“The success rate of the automated logins was extremely low, suggesting any passwords used were likely harvested elsewhere,”
In the following image is reported a data breach notification received by a customer.
The messages inform users that Great Western Rail has reset all GWR.com passwords as a precaution.
“To ensure the security of your personal information you will need to do this when you next log in to the GWR.com website.” reads the message.
“You should use a unique password for each of your accounts for security, and we recommend you review all of your accounts for maximum security, and we recommend you review all your online passwords and change any that are the same.”
If you are a Great Western Rail user change your password and change the password for each website where you used the same credentials.
As usual, let me suggest using a strong password and enable two-factor authentication when available.
(Security Affairs – Great Western Rail, hacking)