RailEurope - hacked

How recent was the hack?

I think the Equifax breach pretty much swept up everyone by now, doubt anyone's left to be hacked who hasn't been hacked already [via] some business they have a voluntary or involuntary relationship with (Yahoo, Facebook, Target, OPM - the federal employment system database, health insurers including Blue Shield, etc).

According to my RE notification the data breach occurred 11/29/2017-2/16/2018

How do the prices you got compare with the "real" prices from the SBB website: https://www.sbb.ch/en/leisure-holidays/travel-in-switzerland/international-guests/swiss-travel-pass.html

Consecutive travel days - adults
Swiss Travel Pass 3 days: CHF 225 2nd class, CHF 358 1st class
Swiss Travel Pass 4 days: CHF 270 2nd class, CHF 429 1st class
Swiss Travel Pass 8 days: CHF 398 2nd class, CHF 631 1st class
Swiss Travel Pass 15 days: CHF 485 2nd class, CHF 765 1st class

Non-consecutive days can be selected individually.
Swiss Travel Pass Flex 3 days in 1 month: CHF 259 2nd class, CHF 412
Swiss Travel Pass Flex 4 days in 1 month: CHF 310 2nd class, CHF 493
Swiss Travel Pass Flex 8 days in 1 month: CHF 445 2nd class, CHF 706
Swiss Travel Pass Flex 15 days in 1 month: CHF 532 2nd class, CHF 840

That is the price charged by SBB (whose pass it is), for both buying in Switzerland and on the internet. This price is fixed and will not change until at least the timetable changeover in December.
Any higher price in another currency, and any fluctuations, are due to exchange rate changes and markups.

Chris, I'm not an advocate for RE as you probably already know. But for several compelling reasons we did choose to make this purchase via RE. Among other reasons: SBB started rejecting my credit card, you can't buy 20+ in one transaction and therefore must work with SBB group sales who add another fee onto the total for their service. When my credit card has failed in the past for SBB it left the process in limbo, and I had to put in time and effort to reconciling and fixing problems. It was just simpler to make this bulk purchase from RE, and going through the SBB link from the RS website produced a lower price than directly with RE.

Otherwise I choose to avoid RE like the plague!

I checked with Rail Europe to confirm that a data breach did happen (that the ID monitoring email was not itself a hack) and they confirmed that was unfortunately the case sometime in the date range indicated. It did not actually apply to our separate, Rick Steves' co-branded database, so perhaps Tim bought something on their other site. In better news, the sites are more secure now than ever before.

Everything gets hacked eventually - everything. Plan on that.

Laura, this is the RS link I clicked through to purchase Swiss Travel Pass from RailEurope:

http://ricksteves.mytraintravel.com/pass/swiss-pass-5934

Tim, thank you for your business!

It was the Rail Europe rep who replied to me who was certain that the databases were different. Also, RE has gradually rolled out a new web hosting platform and user interface to different agents (and continents) over the past year or more. Our site was among the last to make the switch (on April 13). Of course, I'm not the person who could say exactly where encrypted credit card info ties in. I'm glad to know that customers are receiving the email notification.

The RE hacking was not delivered to me via email notification - it was snail mail.