If you traveled to Europe or bought rail tickets for European travel in late 2017-early 2018, you may have been taken for another type of ride. In a letter filed with California’s Attorney General, Rail Europe North America revealed credit card numbers and other customer account information may have been revealed by a security breach.
What Exactly Happened?
Rail Europe North America’s (RENA) website is utilized by customers in order to purchase train tickets for their trips in Europe. Specifically, their announcement states that “unauthorized persons gained unauthorized access to our e-commerce websites’ IT platform” from November 29, 2017, through February 16, 2018.
The company did not provide details on how many customers were impacted but said malware from hackers may have compromised users’ personal information, including:
- Delivery and invoicing addresses
- Telephone number
- Email address
- Credit card or debit card number, expiration date and CVV
- Username and password of personal accounts on a Rail Europe website
What to Do If You’re a Rail Europe North America Customer
While Rail Europe North America said it “replaced and rebuilt all compromised systems,” and also changed passwords for their systems and applications, consumers should ensure no fraudulent charges were placed on their cards and should change their usernames and passwords. Here’s what you can do to help protect yourself:
1. Replace Your Card(s)
Do not wait for your bank to catch the fraud first even though many will shut down your card automatically and issue a new one after it’s been compromised. Instead, contact your card issuer or financial institution and request a new debit or credit card immediately. If your debit card was the target, you’ll also want to change the PIN on the account.
When you call to replace your card, you should also notify your bank or financial institution that you may have been the victim of a data breach so they are aware of the potential for fraudulent charges.
2. Change Your Password
You’ll want to change your password for your Rail Europe account. Make sure the new password isn’t one you’ve used on other websites and if you have used your old Rail Europe North America email address and password combination on other sites, you’ll want to change it on those as well. Stay on top of your passwords so they’re not making it easier for criminals to get your information and can use a password manager like SaferPass or LastPass to keep track of all your different logins.
3. Check Your Accounts
Go online to check the recent activity on your account that your debit or credit card is associated with to make sure there are no fraudulent charges. You should check your accounts as far back as November, since the initial breach occurred then.
Start the process of disputing the charges with your bank or credit card issuer immediately. This process can take a little longer when you’re dealing with debit card fraud, but flagging any potential debit or credit card fraud as soon as possible means the matter can resolved sooner.
Consumers have 60 days to report an unauthorized transaction with their debit cards from the time they receive their statement because the card number was stolen and the card wasn’t lost. (Note: According to the FTC, if your debit card is stolen and used, you could end up being responsible for up to $500.)
4. Monitor Your Accounts Regularly
It never hurts to check all bank and credit card statements each month, and regularly check your credit report for any identity theft red flags. Additionally, most banks have the option to create alerts via text and/or email to notify you of large purchases.
Fraudsters often remain one step ahead of financial institutions and card issuers as new schemes to get personally identifiable information (PII) are created frequently. Last year there were 1,579 data breaches that exposed nearly 179 million records, according to the Identity Theft Resource Center.
Learn more here on Experian.com about other new scams and what to do if your credit card or debit card is involved in a data breach.