Eurail B.V., the European rail pass operator, has confirmed that a December 2025 data breach affected 308,777 individuals. Attackers exfiltrated files on December 26, 2025, containing names, passport numbers, and potentially other sensitive data including health information and bank IBANs for travelers who received passes through the EU's DiscoverEU program. Eurail disclosed the breach in February 2026 and sent notification letters in late March. Stolen data was reportedly published on Telegram and offered for sale on the dark web. Affected customers are advised to stay alert for phishing, update passwords, and monitor bank accounts.
Table of contents
Related Articles:Sort: