Great Western Railway customers are being told to change their passwords after attackers accessed 1,000 accounts.
While only a very small number of accounts have been affected by the attack, cybersecurity experts are complimenting the company's proactive efforts to inform its customers of the best practice in these situations.
The company said that the attack involved automated attempts to access customer accounts using passwords which it believes were taken from elsewhere.
@GWRHelp Hi there, I've received an email claiming to be from GWR about how my "password has been reset" due to an attempted hack. Is this legitimate? I can provide more info if needed. Thanks in advance! pic.twitter.com/3Yh7AaXaMu
— Laura (@lanttans) April 10, 2018
Hello Laura, this is a genuine email from us. Jordan
— GWR Help (@GWRHelp) April 10, 2018
"Our investigations have shown that usernames and passwords on GWR.com have not been compromised, and the success rate of the automated logins was extremely low," they added.
"No usable bank information is stored on the site."
A spokesperson for GWR told Sky News: "While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.
"Our security systems mean that financial information is encrypted to the high standards customers would expect, and no unencrypted bank card information is stored in GWR.com accounts.
"We are contacting other GWR.com account holders to let them know what's happened and encourage them to check, and change their passwords."
GWR's efforts to notify customers about the attack stands in stark contrast to a breach at Uber, where the company is accused of paying a hacker to conceal the confirmed theft of information belonging to 57 million customers.
The GWR spokesperson added: "This kind of attack uses account details harvested from other areas of the web to try and catch out consumers with poor password habits.
"Sadly, it is the kind of attack that is experienced on a daily basis by businesses across the globe, and is a reminder of the importance of good password practice.
"We have acted quickly and decisively with our partners to protect our customers' data, and have taken clear steps to stop it happening again."
Hi – Dan is right. The emails were staggered to help us manage response, but you should have received something by now. If you DM me your username I can ask someone to check if you like? Rachel https://t.co/Fg4VGS9qNo
— GWR Help (@GWRHelp) April 11, 2018
Rashmi Knowles, the regional chief technology officer at RSA Security, told Sky News that it was "good to see Great Western Railway taking a proactive approach to helping customers stay safe online by flagging that some accounts have been accessed, even though GWR itself has not been hacked.
More from Science & Tech
"In the wake of large data breaches, we often see large caches of credentials go on sale on the dark web.
"Hackers know that consumers use the same passwords for multiple accounts, and that these credentials will open doors into emails, banks, or in this case railway accounts. I would suspect that is what is happening here, and that GWR accounts have been accessed by people trying their luck with stolen credentials."