European journey firm Eurail is notifying over 300,000 those who their private data was stolen in a December 2025 knowledge breach.
The incident was initially disclosed in January, when the corporate warned that prospects who had been issued a Eurail go may need been affected.
The knowledge was stolen after hackers breached the Netherlands-based firm’s community and stole recordsdata containing fundamental id and phone data.
In February, a hacker boasted on a floor internet cybercrime website about stealing roughly 1.3 terabytes of information from Eurail’s AWS S3, Zendesk, and GitLab cases, together with supply code, assist tickets, and database backups.
The hacker claimed they stole the private data of tens of millions of Eurail/Interrail prospects and that negotiations with the journey firm had failed.
In early March, Eurail confirmed that the hacker had been providing the stolen knowledge on the darkish internet and that they printed a pattern dataset on their Telegram channel. It additionally stated it doesn’t retailer financial institution or bank card data, nor visible copies of passports.
“Customers whose personal data was included in the sample dataset will be informed directly where contact details are available to us,” the corporate stated.
Last week, Eurail filed breach notifications with the Attorney General’s Offices in a number of US states, revealing that names and passport numbers had been stolen within the assault.
The firm told the Oregon Attorney General’s Office that the information breach impacts solely 308,777 individuals. Eurail is sending written notifications to the possibly impacted people.
Related: FBI: Cybercrime Losses Neared $21 Billion in 2025
Related: Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
Related: European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
Related: T-Mobile Sets the Record Straight on Latest Data Breach Filing
