Eurail Data Breach Exposes Personal Information of Over 300,000 U.S. Travelers

Eurail Data Breach Exposes Personal Information of Over 300,000 U.S. Travelers

First seen 9 Apr 2026, 11:01 UTC ThecyberexpressBleepingcomputerTechnaduSecurityaffairs.CoScworld+12 90% similarity 71.0

Article Content

Browse articles
ThreatCluster

Eurail B.V. confirmed a data breach that exposed personal information of approximately 308,777 individuals in the U.S., including names and passport numbers. The breach occurred on December 26, 2025, when unauthorized actors accessed Eurail's network and transferred sensitive files. The company detected unusual activity and initiated an investigation, which concluded on February 25, 2026, confirming the exposure of personal data. Notifications to affected individuals began on March 27, 2026. The breach also potentially compromised financial and health-related information, with samples of the stolen data appearing on the dark web. Eurail has advised affected individuals to monitor their accounts and update passwords. The breach has raised significant concerns about identity theft and the security of customer data in global transit systems.

Key Points: • Eurail's data breach affected 308,777 individuals, primarily in the U.S. • Sensitive information, including passport numbers and health data, was compromised. • Eurail has issued warnings about potential phishing attacks targeting affected individuals.

ThreatCluster AI

Timeline

2025-12-26
Unauthorized access to Eurail's network confirmed.
2026-02-25
Investigation concludes confirming data exposure.
2026-03-27
Eurail begins notifying affected individuals.

Community

Browse all →