Eurail B.V. has confirmed that customer data stolen during a recent security breach is now being marketed on the dark web and shared via Telegram. The company is currently investigating the specific scope of the leak to identify exactly which records and individuals have been compromised.
Eurail B.V., the Dutch organization responsible for managing Eurail and Interrail passes across a massive European rail network, is dealing with the fallout of a significant unauthorized database intrusion. This breach is particularly concerning given the company's role in facilitating travel for millions, including participants in the DiscoverEU program. While the company previously disclosed the hack, the situation has escalated now that samples of the stolen information have surfaced on public and private messaging platforms.
The compromised data is highly sensitive, reportedly including full names, passport and ID numbers, bank IBANs, and contact information. In some cases, health data may also have been exposed, creating a high risk for the affected travelers. Eurail is currently working to categorize the specific data points lost for each customer so they can provide accurate, individual notifications to those at risk.
In response to the leak, the company has engaged with data protection authorities to comply with GDPR and other international regulatory requirements. They are maintaining a dedicated support page and a direct privacy contact line to manage the influx of concerns from the public. This regulatory oversight is standard for a breach of this scale involving sensitive personal and financial identifiers.
Customers are being urged to take immediate defensive actions to protect their identities and finances. This includes changing passwords on the Rail Planner app and any other accounts that share the same login credentials to prevent credential stuffing attacks. Additionally, because bank details were involved, users are advised to keep a close watch on their transaction history for any signs of fraud.
The threat of phishing is particularly high following this incident, as scammers may use the stolen contact details to pose as official entities. Eurail continues to investigate the full extent of the data sale while advising all users to remain vigilant against suspicious emails or phone calls. As the investigation continues, the firm remains focused on identifying every impacted individual to mitigate further damage.
Source: Eurail Says Stolen Traveler Data Is Now Being Sold On The Dark Web