Skip to content
Tech News
← Back to articles

Eurail says December data breach impacts 300,000 individuals

2026-04-09 | original
read original get Eurail Data Breach Report → more articles
Why This Matters

The Eurail data breach affecting over 300,000 individuals highlights the increasing cybersecurity risks faced by travel and transportation companies, emphasizing the need for robust data protection measures. For consumers, it underscores the importance of vigilance against identity theft and scams following such incidents, especially when sensitive personal information is compromised. This incident serves as a reminder for the tech industry to prioritize cybersecurity to protect user data and maintain trust.

Key Takeaways

Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach.

Eurail is a Netherlands-based company that sells Interrail and Eurail passes for multi-country train travel across Europe, passes that are also available to young Europeans through the EU's DiscoverEU program.

When it disclosed the incident in February, the company said the attackers gained access to travelers' sensitive information, including full names, passport details, ID numbers, bank account IBANs, health information, and contact details (email addresses, phone numbers), after breaching its customer database.

Eurail also warned at the time that the threat actors had published a sample of the stolen data on Telegram and were attempting to sell it on the dark web.

"The evidence showed that an unauthorized actor transferred files from our network on December 26, 2025," the European train travel company said in breach notification letters sent to affected individuals on March 27.

"We reviewed the files involved and, on February 25, 2026, determined that they contained some of your information. The information included your name and passport number."

The same day, Eurail revealed in a filing with the Office of Oregon's Attorney General that the resulting data breach impacted 308,777 individuals.

Eurail data breach filing with Oregon's OAG (BleepingComputer)

​While Eurail said that it didn't store financial information or passport photocopies on the compromised systems, the European Commission warned in a separate alert that this type of data (as well as health information) may have been exposed for young travelers who received a Pass through the DiscoverEU program.

Eurail told customers whose information was exposed in the breach to remain vigilant against potential phishing attacks and scams, and advised them to update their Rail Planner app account passwords and reset them on any other platform where they're also used.

... continue reading

Explore topics: eurail interrail telegram dark web data breach
Related:
Webinar: From noise to signal - What threat actors are targeting next
Poke makes AI agents as easy as sending a text
AI agent Poke makes setting up automations as easy as sending a text
Poke makes using AI agents as easy as sending a text
Men Are Buying Hacking Tools to Use Against Their Wives and Friends

© 2026 GoKawiil

About | Editorial Policy | Contact