Eurail recently confirmed a data breach involving customer information following notification emails sent to affected travelers this week. While the company initially posted an update on January 10, individuals only began receiving direct alerts on January 13 regarding the unauthorized access to their personal data.

Eurail, which also operates under the Interrail brand, has launched an extensive investigation alongside external cybersecurity experts and legal advisors to determine the full scope of the security incident. The company maintains that they immediately took steps to secure their systems upon discovery of the breach. Although the exact number of impacted individuals has not been released, the company is working to identify every person whose data was compromised during the unauthorized access.

Early findings from the investigation suggest that the stolen information primarily consists of order and reservation details, including basic identity and contact information. For most customers who purchased passes directly, the data may include passport numbers and expiration dates, but the company clarified that it does not store visual copies of those documents. However, the situation differs for participants of the DiscoverEU program, an Erasmus-funded initiative, whose data was also part of the breach.

The travel company stated that there is currently no evidence that the stolen data has been misused or publicly disclosed, and they are continuing to monitor the situation closely with professional oversight. Despite the lack of immediate misuse, the investigation is still working to pinpoint exactly which categories of personal data were copied from the customer database. The company has expressed regret over the incident and emphasizes that they are taking the matter seriously to protect their users.

In compliance with the European Union General Data Protection Regulation, Eurail has reported the incident to the appropriate data protection authorities. They are also in the process of notifying relevant legal bodies outside of the European Union as required by law. Customers whose specific information may have been accessed are being contacted directly by the company to ensure they are aware of the potential risks to their personal details.

Source: Eurail Data Breach Exposes Passenger Passports And Bank Details