Overview
- Eurail said in recent US state filings that the breach affected 308,777 people and that written notifications are being sent to those impacted.
- The company confirmed the stolen files contained names and passport numbers, while saying it does not store payment card data or passport images on the affected systems.
- A threat actor claimed roughly 1.3 terabytes were taken from Eurail’s AWS S3, Zendesk, and GitLab, and Eurail acknowledged the data is being offered for sale with a sample posted on Telegram.
- The intrusion stems from December 2025, when an unauthorized party transferred files from Eurail’s network, and by late February the company had determined customer information was involved.
- Eurail urged customers to reset Rail Planner app passwords, watch for phishing, and monitor bank accounts, noting earlier updates that some records may include reservation details, contact data, IBANs, or health information.