A NUMBER of accounts registered with Great Western Railway (GWR) have been hacked, prompting the firm to warn its customers to change their password.

Over the past week, about 1,000 (out of one million) accounts were affected and GWR has written to those people to let them know what has happened, and asked them to change their password.

An investigation by the company has found that that usernames and passwords on its GWR.com website have not been compromised and it is believed that log in details were taken from other sites.

A GWR spokesman said: “We have identified unauthorised automated attempts to access a small number of GWR.com accounts over the past week.

"While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.

“Our security systems mean that financial information is encrypted to the high standards customers would expect, and no unencrypted bank card information is stored in GWR.com accounts.

“We are contacting other GWR.com account holders to let them know what’s happened and encourage them to check, and change their passwords.

“This kind of attack uses account details harvested from other areas of the web to try and catch out consumers with poor password habits.

"Sadly, it is the kind of attack that is experienced on a daily basis by businesses across the globe, and is a reminder of the importance of good password practice.

“We have acted quickly and decisively with our partners to protect our customers’ data, and have taken clear steps to stop it happening again.”