"We are sending you this letter to apologise for any inconvenience that this incident may have caused you and to reassure you that appropriate corrective action was taken without delay."
VIA Rail has been making contact with customers who have been affected by an influx of spam emails purporting to be from the Canadian rail operator, originating from a supplier to the company. The action by VIA Rail, which operates a 7,800-mile network across eight Canadian provinces, has been taken after the company received complaints from a customer related to spam email. Following an investigation, VIA Rail discovered that one of its suppliers unwittingly published a list of customer names and emails on the internet after it undertook a series of tests that went wrong.
"We are sending you this letter to apologise for any inconvenience that this incident may have caused you and to reassure you that appropriate corrective action was taken without delay," a company spokesperson said in an email to customers.
"We would also like to suggest that you remain vigilant and refrain from giving out your personal or financial information when you receive advertisements or unsolicited email that refer to your recent communications with Via Rail or your Via Preference account."
The VIA Rail security glitch news comes just months after Deutsche Bahn was itself the victim of a spam-related issue, after the German rail operator opened an unsolicited email that contained ransomware called WannaCry demanding the release of payments of between $300 and $600 before user access would be restored.
VIA Rail attempted to reassure customers when it said that no financial information is kept on the database, meaning it could not compromise customer’s bank accounts. The rail operator has since suspended all business with the company that enabled the leak of information, referring the matter to the Office of the Privacy Commissioner of Canada and the Treasury Board of Canada Secretariat. The company responsible for the leak has not been revealed.
You may also be interested in these stories from Transport Security World...
Expert View: The threat of virtual terrorism against infrastructure is growing.
A.P. Moller-Maersk reveals $300m loss after Trojan-style cyber attack.
Rail operators among those falling victim to world’s biggest ever cyber-attack.