Overview
- Eurail told customers this week that stolen records are being offered for sale on the dark web, with a sample dataset also posted on Telegram, and said those in the sample are being contacted directly.
- The company previously reported that 308,777 people had personal data exposed, including names, emails, dates of birth and country, and for some DiscoverEU participants, stored passport or ID images.
- At least one UK traveler was advised by HM Passport Office to cancel their passport to stop possible fraudulent use after the leak surfaced online.
- Eurail says it secured its systems, hired external cybersecurity experts and legal advisors, continues dark‑web monitoring and notifications, and urges customers to watch for phishing attempts.
- Security reporting indicates hackers pulled about 1.3 terabytes from Amazon S3, Zendesk and GitLab, and experts note digital passport scans can sell for about £26, which makes impersonation schemes cheaper and faster.