Eurail data breach impacted 308,777 people
Eurail data breach impacted 308,777 people
https://securityaffairs.com/190570/data-breach/eurail-data-breach-impacted-308777-people.html
Publish Date: 2026-04-09 16:49:00
Source Domain: securityaffairs.com
Eurail data breach impacted 308,777 people
Pierluigi Paganini
April 09, 2026
Hackers breached Eurail in Dec 2025, stole names and passport data, and exposed over 300,000 travelers’ personal information.
Threat actors breached Eurail in December 2025 and stole names and passport numbers from its network. The company now notifies 308,777 people that attackers exposed their personal data, raising concerns about identity theft and misuse of sensitive travel information.
“We recently identified unusual activity within a segment of our network. We immediately implemented our incident response procedures, took steps to terminate the activity, and commenced an investigation with the support of third-party cybersecurity professionals. We also notified law enforcement and are supporting its investigation.” reads the data breach notification. “The evidence showed that an unauthorized actor transferred files from our network on December 26, 2025. We reviewed the files involved and, on February 25, 2026, determined that they contained some of your information.”
Eurail B.V. is a Netherlands-based company that manages and sells the Eurail Pass, allowing international travelers to explore Europe by train with a single ticket. Working with dozens of railway and ferry partners, it provides access to more than 250,000 kilometers of rail routes across over 30 European countries, simplifying cross-border rail travel.
In February, Eurail B.V. confirmed that the traveler data stolen in a breach earlier this year were being offered for sale on the dark web. The company disclosed the development as part of its ongoing response to the cybersecurity incident.
“Eurail B.V. has confirmed that certain customer data affected by the previously reported security incident has been offered for sale on the dark web and a sample data set has been published on Telegram.” reads…
