November 30, 2023

A hacker has raised the alarm after discovering a vulnerability impacting Switzerland’s Railways. The flaw allowed the hacker to gain access to personal data belonging to around 500,000 individuals who had purchased tickets to ride on Swiss Federal Railways (SFR).

Advertisements

After detecting a entry point in  SFR’s Swiss Card system, the hacker reported SRF, a public television in Swiss

Information left vulnerable by the flaw included passenger names, dates of birth, the number of first- and second-class tickets they purchased, places of departure and final destinations.

The sensitive data was available publicly on the internet. The security breach was reported to Switzerland’s Federal Data Protection Commissioner.

According to Swiss Info, the data compromised by the hacker was never made public and has since been secured by SFR. The hacker said that their motivation in exploiting the flaw was to expose its existence in the hope of averting a potentially malicious cyber-attack.

Advertisements

These data can be sold in hacker forums on the dark web. In the wrong hands, it would have great potential for abuse. Cyber-criminals have been known to target the Swiss rail industry. In a similar incident that took place in May 2020, hackers stole data from Swiss train manufacturer Stadler Rail and demanded a payment of $6m in Bitcoin for its return.

Tags:

Leave a Reply

You may have missed

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023

AWS Detective adds new Capabilities

November 27, 2023
%d bloggers like this: