300,000 Individuals Affected by Major Eurail Data Breach
Data Breach Affects Over 300,000 Eurail Customers
In a recent data breach, Eurail, a Netherlands-based company that issues rail passes to travelers across Europe, revealed that more than 300,000 customers may have had their personal information compromised.
The incident occurred in December 2025, with the company initially disclosing the breach in January. At the time, Eurail warned that customers who held a Eurail pass might be affected.
Details of the Breach
The breach involved hackers accessing the company’s network and stealing files containing basic identity and contact information.
In February, a hacker boasting about the theft on a surface web cybercrime site claimed to have stolen approximately 1.3 terabytes of data from Eurail’s Amazon Web Services (AWS), Zendesk, and GitLab instances, including source code, support tickets, and database backups.
The hacker asserted that they had obtained the personal information of millions of Eurail/Interrail customers and stated that negotiations with the travel company had failed.
Company Response and Notification
However, Eurail later confirmed that the thief had been selling the stolen data on the dark web and had posted a sample dataset on their Telegram channel.
Fortunately, Eurail does not store sensitive information such as bank or credit card details, nor does it retain visual copies of passports.
Customers whose personal data was included in the sample dataset will receive direct notification if contact details are available to the company.
Last week, Eurail submitted breach notifications to various US state Attorney General’s offices, acknowledging that the breach affects 308,777 people.
The company is currently sending written notifications to those potentially affected.
Related Incidents and Cybersecurity Concerns
Several other companies have faced similar data breaches in recent times, including T-Mobile, which recently reported a major breach.
Meanwhile, the FBI reported that cybercrime losses neared $21 billion in 2025 alone.
This trend highlights the ongoing need for robust cybersecurity measures and vigilance against potential threats.
As technology continues to evolve and become increasingly integrated into daily life, the risk of data breaches and other cybercrimes remains high.
Companies like Eurail must prioritize data protection and invest in robust security measures to safeguard customer information.