Great Western Railway (GWR) is urging online customers to reset their passwords after confirming it was the target of a cyber attack.
The company said hackers had used an automated system to try to gain access to customer accounts on its website.
GWR said around 1,000 accounts had been accessed, and that it is now notifying customers of the incident. It added that no financial information had been compromised.
“We have identified unauthorised automated attempts to access a small number of GWR.com accounts over the past week,” a Great Western Railway spokesman said.
“While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.
“Our security systems mean that financial information is encrypted to the high standards customers would expect, and no unencrypted bank card information is stored in GWR.com accounts.
“We are contacting other GWR.com account holders to let them know what’s happened and encourage them to check, and change their passwords.”
The firm said it believed the information used for the automated attack was likely to have come from details mined in other cyber attacks, and urged its customers to improve their password security.
“This kind of attack uses account details harvested from other areas of the web to try and catch out consumers with poor password habits,” the company said.
“Sadly, it is the kind of attack that is experienced on a daily basis by businesses across the globe, and is a reminder of the importance of good password practice.
“We have acted quickly and decisively with our partners to protect our customers’ data, and have taken clear steps to stop it happening again.”
Cyber security expert Rashmi Knowles from RSA Security praised GWR’s response, adding that consumers should use the incident as an incentive to improve their own online security.
“It is good to see Great Western Railway taking a proactive approach to helping customers stay safe online by flagging that some accounts have been accessed, even though GWR itself has not been hacked,” she said.
“In the wake of large data breaches, we often see large caches of credentials go on sale on the dark web. Hackers know that consumers use the same passwords for multiple accounts, and that these credentials will open doors into emails, banks, or in this case railway accounts – I would suspect that is what is happening here, and that GWR accounts have been accessed by people trying their luck with stolen credentials.
“This is why everyone should practice good cyber hygiene. If you know that one of your accounts has been compromised, and use the same username and password elsewhere, then update your other accounts immediately.
“More generally, with consumer breaches of this kind on the rise, you should never be using the same passwords for business and personal use.”