Rail Europe North America Inc.
As a result of queries from one of the Organization?s banks, the Organization commenced an investigation of its ecommerce websites, which are used by persons outside of the EU to purchase rail passes for use in EU countries. Specifically, the Organization?s parent company, Rail Europe SAS (France), which operates the IT platform to which the Organization migrated its ecommerce websites, engaged two forensic analysis and security auditing firms to investigate. To date, the investigation has revealed that unauthorized persons gained unauthorized access to the IT platform to which the Organization was migrating its ecommerce websites, beginning in November 2017. The Organization reports the incident occurred between November 29, 2017 and February 16, 2018.