Eurail B.V. confirmed that customer data stolen in a breach earlier this year is being offered for sale on the dark web and a sample of the data was published on Telegram. The company is investigating which records and how many customers were affected, has notified data protection authorities under the GDPR, and advises customers to change Rail Planner passwords, reset reused credentials, and monitor bank accounts. #Eurail #Telegram #GDPR #RailPlanner #DiscoverEU
Keypoints
- A threat actor is offering stolen Eurail customer data for sale on the dark web and published a sample on Telegram.
- Potentially compromised data includes full names, passport details, ID numbers, bank account IBANs, health information, and contact details.
- Eurail is investigating the scope of the breach and will send individual notifications to affected customers.
- Data protection authorities have been notified in line with GDPR requirements, with non-EU authorities to be alerted soon.
- Customers are advised to update Rail Planner passwords, reset reused credentials, monitor bank accounts, and use the published FAQ or [email protected] for assistance.