Back

Eurail Data Breach Exposes Personal Information of Over 300,000 U.S. Individuals

Severity: High (Score: 69.0)

Sources: Thecyberexpress, Bleepingcomputer

Summary

Eurail B.V. has confirmed a data breach affecting approximately 308,777 individuals in the U.S., with the breach occurring between late December 2025 and early January 2026. Unauthorized access to Eurail's network was detected on December 26, 2025, leading to the transfer of sensitive personal information, including names, passport numbers, and potentially financial and health-related data. The breach was disclosed to affected individuals on March 27, 2026, after an investigation revealed the extent of the compromised data. The company has reported the incident to law enforcement and is working with cybersecurity experts to enhance security measures. Additionally, samples of the stolen data have been found on the dark web, increasing the risk of identity theft and fraud for those affected. Eurail has advised customers to monitor their accounts and update passwords as a precaution. Key Points: • Eurail's data breach affects over 300,000 individuals, primarily in the U.S. • Sensitive information, including passport numbers and health data, was compromised. • Data samples have been found on the dark web, heightening identity theft risks.

Key Entities

  • ShinyHunters (apt_group)
  • Data Breach (attack_type)
  • Netherlands (country)
  • United States (country)
  • europa.eu (domain)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Telegram (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed