A British rail operator has reset more than a million customer accounts after discovering hackers had successfully breached a small percentage of them.
Great Western Railway said that about 1,000 of its passengers’ details had been exposed.
The business – which runs trains between London, Penzance and Worcester – is part of the transport operator FirstGroup.
It said all bank information had been protected by encryption.
We have identified unauthorised automated attempts to access a small number of GWR.com accounts over the past week,
While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.
The success rate of the automated logins was extremely low, suggesting any passwords used were likely harvested elsewhere,
the company added.