Eurail Hack Forces Thousands to Cancel Passports
Over 300,000 travellers must replace passports after Eurail data breach. Personal information posted on dark web and Telegram.
A major data breach affecting Eurail, the company responsible for selling Interrail passes across Europe, has left hundreds of thousands of travellers scrambling to replace their passports and secure their identities. The incident, which occurred in December but was only recently disclosed to affected customers, has exposed the sensitive personal information of more than 300,000 European holidaymakers, creating an unprecedented security crisis for the rail pass provider and its users.
According to Eurail's official statement released this week, the compromised data includes a comprehensive collection of personally identifiable information that poses significant risks to those affected. Among the exposed details are passport numbers, full names, telephone numbers, email addresses, residential addresses, and dates of birth—essentially a complete profile that could enable identity theft and fraud on a massive scale. The breach represents one of the most serious cybersecurity incidents targeting travel industry customers in recent years.
What makes this situation particularly alarming is the post-breach handling of the stolen data. Eurail confirmed that the information accessed during the December security incident has been actively marketed for sale on the dark web, the hidden corners of the internet where criminal activity thrives with relative anonymity. Additionally, threat actors have published a sample dataset containing victim information on Telegram, a messaging platform increasingly used by cybercriminals to distribute stolen data and coordinate illegal activities.
Source: The Guardian
