Eurail says December breach exposed data of 300,000 people

Eurail B.V. said attackers stole personal information from more than 300,000 people in a December 2025 data breach that affected its customer database and exposed passport details, contact data and other sensitive records.

KEY FACTS

  • Impact: The breach affected 308,777 people, according to a filing with Oregon’s attorney general.
  • Data exposed: The disclosure said names and passport numbers were found in the files reviewed, and earlier notices cited bank IBANs, health information and contact details.
  • Timeline: Attackers transferred files on Dec. 26, 2025, and on Feb. 25, 2026, the company determined that the files contained customer information.
  • Response: Affected users were told to reset Rail Planner passwords and watch for phishing and suspicious account activity.

In breach notification letters sent on March 27, the company said an unauthorized actor transferred files from its network on Dec. 26, 2025. Eurail said it later reviewed the files and found that they contained some customer information, including names and passport numbers.

The disclosure said a sample of the stolen data had been posted on Telegram and offered for sale on the dark web. Eurail said it did not store financial information or passport photocopies on the compromised systems, though a separate alert from the European Commission warned that financial and health data may have been exposed for some DiscoverEU travelers.

Eurail advised customers to update passwords for the Rail Planner app and any other accounts using the same credentials. It also urged them to monitor bank accounts and report suspicious transactions to their banks.

Last month, the European Commission also confirmed a separate breach after the Europa.eu web platform was hacked in an attack claimed by the ShinyHunters extortion gang. That case involved different systems, but it adds to a series of recent incidents involving European institutions and travel-related services.

WHY IT MATTERS

The case shows how breaches at travel and identity services can expose documents that may be useful for fraud or phishing. It also affects users who may rely on the same credentials across multiple accounts and platforms.