News has broken that Rail Europe, a site used by Americans to buy train tickets in Europe, has revealed a three-month data breach of credit cards and debit cards. The announcement came in a letter filed with the California attorney general, in which the company said hackers put credit card-skimming malware on its website between late-November 2017 and mid-February 2018.
Commenting on this, Andy Norton, director of threat intelligence at Lastline said:
“The Rail Europe breach comes hot on the heels of the Chilli’s breach announcement, and the guilty plea of a Russian hacker responsible for stealing 160 million credit card numbers in US courts. Clearly, the black market for stolen credit cards is only increasing. There is tremendous potential for harm to be caused in PII breaches, which is not just measured in the financial losses from identity theft but also the emotional stress of trying to reclaim control of your life. Retailers, are under constant attack, simply because they process lots of credit card transactions, viewed as an oasis of magnetic strips for organised crime. Some retailers acknowledge that they don’t have adequate measures in place to detect new techniques used to gain unauthorised access to POS systems, which explains why there can be extended periods of time in unauthorised access.”