In April 2018, the overseas train travel company disclosed it had suffered a three-month data breach from November 2017 to mid-February 2018. The data breach was caused by hackers installing skimming software on the company's website.
The hackers were believed to have captured customers’ name, gender, address, telephone number, email address, username, password, credit card numbers, expiration dates and CVV codes.
Given the type of information the hackers stole about the customers which left them particularly exposed to identity theft and financial fraud made the company's 10 week delay between event discovery and event notification particularly disappointing.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions