Great Western Railway warns customers of possible compromise following cyber attack

Automated attack used harvested passwords, GWR believes

Great Western Railway has advised customers to reset their passwords after the company's systems were targeted by attackers.

The train operator confirmed to Computing that it has identified "a series of automated attempts" to access a "small percentage" of customer accounts.

After conducting an investigation, the company found that GWR.com had been targeted and some accounts accessed. However, it told Computing that the overall success rate of the automated attack was "extremely low".

It added that its security staff believe that the attackers "harvested" the passwords "elsewhere", rather than hacking into its systems to get hold of customer data.

User names and passwords are freely traded in hacker forums, with hundreds of millions of credentials compromised over the years. Many, though, will be out of date.

Because no usable bank information is stored on its servers, GWR has reassured customers that their bank card details could not have been compromised in the attacks.

A spokesperson for the company explained that the company "identified unauthorised automated attempts to access a small number of GWR.com accounts over the past week.

"While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.

"Our security systems mean that financial information is encrypted to the high standards customers would expect, and no unencrypted bank card information is stored in GWR.com accounts."

In total, around 1,000 accounts out of one million have been "directly affected" by the attack.

GWR has since emailed these customers to inform them of the incident and ask them to change their passwords.

"Today we have contacted other GWR.com account holders to let them know what's happened and encourage them to check, and change their passwords," said the spokesperson.

"This kind of attack uses account details harvested from other areas of the web to try and catch out consumers with poor password habits."

They added: "Sadly, it is the kind of attack that is experienced on a daily basis by businesses across the globe, and is a reminder of the importance of good password practice."

"We have acted quickly and decisively with our partners to protect our customers' data, and have taken clear steps to stop it happening again."