European rail-pass operator Eurail disclosed that a December 2025 network breach resulted in stolen files from its AWS S3, Zendesk, and GitLab instances and that attackers published sample data on dark web channels. The company is notifying 308,777 customers about exposed identity details, including names and passport numbers. #Eurail #AWS_S3
Keypoints
- Hackers breached Eurailβs network in December 2025 and exfiltrated data from AWS S3, Zendesk, and GitLab.
- The stolen data reportedly included source code, support tickets, and database backups.
- A threat actor posted sample data on Telegram and offered the haul on the dark web, claiming larger numbers affected.
- Eurail stated it does not store payment card details or visual passport copies but confirmed names and passport numbers were exposed.
- The company filed breach notifications with multiple US state attorney generals and is sending written notices to 308,777 impacted individuals.
Read More: https://www.securityweek.com/300000-people-impacted-by-eurail-data-breach/