Eurail Data Breach: Stolen Customer Data Sold on Dark Web
Summary
Hide ▲
Show ▼
Eurail B.V. confirmed a December 26, 2025 data breach impacting 308,777 individuals, with stolen data including full names, passport details, ID numbers, bank account IBANs, health information, and contact details now being sold on the dark web. The breach involved unauthorized file transfers from Eurail’s network, and the company has notified affected customers and data protection authorities. Customers are advised to update passwords, monitor bank accounts, and remain vigilant against phishing attacks. The breach occurred after threat actors gained unauthorized access to Eurail’s customer database, exposing sensitive traveler information. Eurail initially disclosed the incident in February 2026, noting that a sample of the stolen data was published on Telegram. The European Commission later warned that health information for young travelers in the DiscoverEU program may also have been compromised.
Timeline
-
16.02.2026 21:19 2 articles · 1mo ago
Eurail Data Breach: Stolen Data Sold on Dark Web
Eurail B.V. confirmed that a December 26, 2025 breach impacted 308,777 individuals, with stolen data including full names, passport details, ID numbers, bank account IBANs, health information, and contact details now being sold on the dark web. The European Commission warned that health information for DiscoverEU program participants may have been exposed. Eurail notified affected customers in March 2026 and advised them to update passwords, monitor bank accounts, and remain vigilant against phishing and scams.
Show sources
- Eurail says stolen traveler data now up for sale on dark web — www.bleepingcomputer.com — 16.02.2026 21:19
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
Information Snippets
-
Eurail B.V. manages and sells passes for train travel across Europe, offering flexibility for multi-country trips.
First reported: 16.02.2026 21:191 source, 2 articlesShow sources
- Eurail says stolen traveler data now up for sale on dark web — www.bleepingcomputer.com — 16.02.2026 21:19
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
-
The company disclosed a data breach last month, where threat actors gained unauthorized access to its customer database.
First reported: 16.02.2026 21:191 source, 2 articlesShow sources
- Eurail says stolen traveler data now up for sale on dark web — www.bleepingcomputer.com — 16.02.2026 21:19
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
-
Stolen data includes full names, passport details, ID numbers, bank account IBANs, health information, and contact details.
First reported: 16.02.2026 21:191 source, 2 articlesShow sources
- Eurail says stolen traveler data now up for sale on dark web — www.bleepingcomputer.com — 16.02.2026 21:19
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
-
Eurail has notified data protection authorities in accordance with GDPR requirements.
First reported: 16.02.2026 21:191 source, 2 articlesShow sources
- Eurail says stolen traveler data now up for sale on dark web — www.bleepingcomputer.com — 16.02.2026 21:19
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
-
Customers are advised to update their Rail Planner app account passwords and monitor bank account activity closely.
First reported: 16.02.2026 21:191 source, 2 articlesShow sources
- Eurail says stolen traveler data now up for sale on dark web — www.bleepingcomputer.com — 16.02.2026 21:19
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
-
Eurail B.V. disclosed that attackers stole personal information of 308,777 individuals in a December 26, 2025 breach.
First reported: 09.04.2026 13:311 source, 1 articleShow sources
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
-
Unauthorized actor transferred files containing customer data from Eurail's network on December 26, 2025.
First reported: 09.04.2026 13:311 source, 1 articleShow sources
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
-
Eurail confirmed the stolen data included names and passport numbers for affected individuals.
First reported: 09.04.2026 13:311 source, 1 articleShow sources
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
-
European Commission issued a separate alert warning that DiscoverEU program passengers may have had health information exposed.
First reported: 09.04.2026 13:311 source, 1 articleShow sources
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
-
Eurail advised customers to remain vigilant against phishing attacks and scams following the breach.
First reported: 09.04.2026 13:311 source, 1 articleShow sources
- Eurail says December data breach impacts 300,000 individuals — www.bleepingcomputer.com — 09.04.2026 13:31
Similar Happenings
WestJet data breach impacts 1.2 million customers
WestJet, a major Canadian airline, has confirmed that a cyberattack on June 13, 2025, compromised the personal information of 1.2 million customers. The breach involved the theft of travel documents, including passports and ID documents. The attackers gained access to the network through a Citrix system after resetting an employee's password via social engineering. The breach was attributed to threat actors associated with Scattered Spider, although no official attribution has been made. The compromised data includes full names, dates of birth, mailing addresses, travel documents, requested accommodations, filed complaints, WestJet Rewards Member IDs, and details of WestJet RBC Mastercard information. No credit card or debit card numbers, expiry dates, CVV numbers, or user passwords were compromised. The airline is working with the FBI and has offered a free 2-year identity theft protection and monitoring service to affected customers. The breach was first identified on June 13, 2025, and the data breach notification was sent to the Office of the Maine Attorney General on September 29, 2025.
Insight Partners Ransomware Breach Affects 12,657 Individuals
Insight Partners, a New York-based venture capital and private equity firm, has notified 12,657 individuals that their personal information was compromised in a ransomware attack. The breach, which occurred in October 2024, involved a sophisticated social engineering attack that allowed threat actors to access and encrypt servers. The stolen data includes banking and tax information, personal details of current and former employees, and information related to limited partners, funds, and portfolio companies. The company has offered complimentary credit or identity monitoring services to those affected and has filed breach notifications with state attorneys general. The incident highlights the ongoing risk of social engineering attacks and the potential for significant data exfiltration in ransomware breaches.
Farmers Insurance Data Breach Affects Over 1 Million Customers
Farmers Insurance, along with its affiliated companies and subsidiaries, experienced a data breach through a third-party vendor. The breach occurred on May 29 and was discovered the following day. Over 1 million customers were affected. The compromised data included personal information, although the specific details have not been disclosed. The incident was detected by the vendor's monitoring tools, which allowed for quick containment measures. The company has notified law enforcement and is offering affected individuals two years of complimentary identity monitoring services. The breach was detected on May 30, and the investigation concluded on July 24. The unauthorized access involved a third-party vendor's database containing customer information.