Eurail B.V. disclosed a December 2025 data breach that exposed the personal information of 308,777 travelers, including names, passport numbers, bank IBANs, health details, and contact information. Stolen data samples were posted on Telegram and offered for sale on the dark web, prompting customer notifications and advisory actions. #Eurail #ShinyHunters
Keypoints
- Attackers accessed Eurailβs customer database on December 26, 2025, and transferred files containing personal data.
- The breach impacted 308,777 individuals and included sensitive details such as passport numbers, ID numbers, and IBANs.
- Samples of the stolen data were published on Telegram and listed for sale on the dark web.
- Eurail notified affected customers in March 2026 and urged password changes and monitoring of bank accounts.
- The European Commission warned DiscoverEU beneficiaries may have had additional sensitive data exposed, and the Europa.eu platform was also recently breached.