Eurail data breach: Stolen information offered on dark web

Eurail B.V., the company managing European rail passes, has confirmed that data stolen in a breach earlier this year is now being offered for sale on the dark web. A sample of the compromised information was also published on the Telegram messaging platform, based on information published by Bleeping Computer.

The breach, which occurred when threat actors gained unauthorized access to Eurail's customer database, potentially exposed sensitive information including full names, passport details, ID numbers, bank account IBANs, health information, and contact details. Eurail, which sells popular Eurail and Interrail passes and is involved in the EU's DiscoverEU program, is actively investigating the exact number of affected customers and the specific records compromised.

Eurail has notified data protection authorities in accordance with GDPR and plans to alert authorities outside the EU. Customers are advised to be vigilant against phishing and scam attempts, update passwords, and monitor bank accounts for suspicious activity.

Source: Bleeping Computer