Rail Europe had a three-month long credit card breach

If you booked train tickets for a European getaway in the past few months, you might want to check your bank statements. Rail Europe, a site used by Americans to buy train tickets in Europe, has revealed a three-month data breach of credit cards and debit cards. The announcement came in a letter filed with the California attorney general, in which the company said hackers put credit card-skimming malware on its website between late-November 2017 and mid-February 2018.

The company said credit card numbers, expiration dates, and card verification codes were stolen — everything needed by a fraudster to carry out unauthorized purchases. The hackers also stole name, gender, delivery and invoicing addresses, phone numbers, email addresses, and in some cases usernames and passwords of customers on the website.

Source: zdnet.com