Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Eurail B.V. hit by network compromise

Incident
First reported
Last updated
Happening score
H score 13
1 unique sources, 1 articles

Summary

Hide ▲

Eurail B.V. confirmed a customer-database breach after an unauthorized actor transferred files from its network on December 26, 2025. The compromise exposed sensitive traveler records and ultimately affected 308,777 individuals. The incident created ongoing risk of phishing, identity theft, and financial fraud for customers whose information was in the breached database.

Related Happenings

7-Eleven franchisee-docs and Salesforce data leak

Data Leak
First: 18.05.2026 14:25 Last: 18.05.2026 14:25 Sources 1

About this happening: **7-Eleven** confirmed a **April 8, 2026** intrusion into systems used to store **franchisee documents**, and **ShinyHunters** later claimed the theft of **more than 600,000 Sales...

Latest development: 26.05.2026 10:01

Have I Been Pwned analyzed the leaked 7-Eleven data and estimated that the breach exposed personal information for 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses. The exposed archive was tied to ShinyHunters' extortion campaign against 7-Eleven and followed the group's leak-site posting after ransom demands were not met.

Open Happening

Zara customer data leak exposing 197,400 people

Data Leak
First: 08.05.2026 13:42 Last: 08.05.2026 13:42 Sources 1

About this happening: The **Zara** customer-data leak now exposes **197,400 people**, creating privacy and phishing risk across multiple markets. The exposed records include **unique email addresses**,...

Open Happening

European Commission hit by cyberattack

Incident
First: 27.03.2026 14:22 Last: 27.03.2026 14:22 Sources 1

About this happening: The **European Commission** is investigating a **security breach** after a threat actor gained access to its **Amazon cloud infrastructure**. At least **one account** used to mana...

Latest development: 03.04.2026 09:33

CERT-EU attributes the European Commission cloud breach to TeamPCP, and ShinyHunters published a 90GB archive of documents on a dark web leak site on March 28, exposing names, email addresses, and email content. CERT-EU says the exfiltrated data relates to websites hosted for up to 71 clients of the Europa web hosting service, including 42 internal European Commission clients and at least 29 other Union entities, and no websites were taken offline.

Open Happening

Eurail B.V. customer data leak and dark-web sale

Data Leak
First: 16.02.2026 21:19 Last: 16.02.2026 21:19 Sources 1

How related: Eurail also warned at the time that the threat actors had published a sample of the stolen data on Telegram and were attempting to sell it on the dark web.

About this happening: Stolen **Eurail B.V.** customer data is now **for sale on the dark web**, and a **Telegram sample** raises the risk of fraud and phishing for affected travelers. The company says...

Open Happening

Timeline

  1. 09.04.2026 13:31 1 articles · 1mo ago

    Eurail network file transfer on December 26, 2025

    Exploitation Observed

    An unauthorized actor transferred files from Eurail B.V.'s network on December 26, 2025 after breaching the customer database, indicating a direct data-exfiltration event tied to the compromise of traveler records.

    Show sources
    Open in new tab
  2. 27.03.2026 02:00 2 articles · 2mo ago

    March 27 disclosure says 308,777 individuals were affected

    Victim Impact Update

    On March 27, 2026, Eurail B.V. sent breach notification letters and filed with the Office of Oregon's Attorney General, saying the breach impacted 308,777 individuals and advising customers to change Rail Planner app passwords, reset reused passwords elsewhere, and monitor bank activity for phishing or suspicious transactions.

    Show sources
    Open in new tab