European train travel company Eurail confirms December 2025 breach affecting 300,000+ customers, with sensitive data including passport details and bank information stolen by attackers.
European train travel company Eurail has confirmed a significant data breach that exposed the personal information of over 300,000 travelers who used its Interrail and Eurail passes for multi-country train journeys across Europe.
Breach Timeline and Scope
The breach occurred on December 26, 2025, when unauthorized actors gained access to Eurail's customer database and transferred sensitive files from the company's network. Eurail B.V., based in the Netherlands, discovered the incident and began investigating on February 25, 2026.
In breach notification letters sent to affected individuals on March 27, Eurail revealed that the stolen data included full names and passport numbers. However, the company's filing with Oregon's Office of the Attorney General provided a more comprehensive picture of the breach's impact.
According to the filing, the data breach affected 308,777 individuals. The exposed information potentially included:
- Full names
- Passport details and ID numbers
- Bank account IBANs
- Health information
- Contact details (email addresses and phone numbers)
Attack Methodology and Aftermath
Eurail disclosed in February that the attackers had published a sample of the stolen data on Telegram and were attempting to sell the complete dataset on dark web marketplaces. This indicates the breach was likely carried out by financially motivated cybercriminals seeking to profit from the stolen information.
While Eurail stated that financial information and passport photocopies were not stored on the compromised systems, the European Commission issued a separate alert warning that young travelers who received passes through the EU's DiscoverEU program may have had their passport data and health information exposed.
The DiscoverEU program provides free travel passes to young Europeans, making these individuals particularly vulnerable to identity theft and fraud given the combination of personal, travel, and financial data that was potentially compromised.
Security Recommendations for Affected Travelers
In response to the breach, Eurail has advised affected customers to take several protective measures:
Immediate Actions:
- Update passwords for Rail Planner app accounts
- Reset passwords on any other platforms where the same credentials are used
- Monitor bank account activity closely for suspicious transactions
- Report any unauthorized transactions to banks immediately
Ongoing Vigilance:
- Remain alert for potential phishing attacks and scams
- Be cautious of unsolicited communications requesting personal information
- Consider placing fraud alerts on credit reports
- Monitor for signs of identity theft
Broader Context of European Data Breaches
This incident occurs against a backdrop of increasing cyberattacks targeting European institutions and companies. The European Commission recently confirmed its own data breach following a hack of the Europa.eu web platform, which was claimed by the ShinyHunters extortion gang.
Other recent European data breaches include:
- The Dutch Finance Ministry taking its treasury banking portal offline after a breach
- The Dutch Ministry of Finance disclosing a breach affecting employees
- Mazda disclosing a security breach exposing employee and partner data
These incidents highlight the growing threat landscape facing organizations that handle sensitive personal and financial information.
Company Response and Future Implications
Eurail's handling of the breach demonstrates the challenges companies face in detecting and responding to sophisticated cyberattacks. The gap between the December breach and the February discovery period is typical for complex intrusions, as forensic investigations require careful analysis to determine the full scope of compromised data.
For travelers who use Eurail services, this breach serves as a reminder of the importance of using unique passwords across different platforms and maintaining vigilance over financial accounts. The combination of travel data, identification documents, and financial information in a single breach creates particularly high risks for affected individuals.
The incident also raises questions about data protection practices for companies handling sensitive travel documentation and the need for enhanced security measures to protect against increasingly sophisticated cyber threats targeting the travel and tourism sector.
As investigations continue, affected travelers should prioritize implementing the recommended security measures and remain alert for any suspicious activity related to their personal or financial information.
Comments
Please log in or register to join the discussion