European rail travel provider Eurail has confirmed a data breach that exposed customer personal, order, and reservation information, impacting travelers across multiple countries.
According to the company, the incident affected all customers issued a Eurail pass, along with individuals who made seat reservations, including those who purchased passes through partner platforms and authorized distributors. Customers enrolled in the EU’s DiscoverEU programme were also impacted.
While Eurail has not yet determined the exact number of affected individuals, it is actively investigating the incident in coordination with the European Commission and relevant authorities.
Eurail stated that the compromised data includes basic identity and contact details, along with passport information. The European Commission later confirmed that for DiscoverEU participants, the exposed information was more extensive and may include names, dates of birth, physical addresses, email addresses, phone numbers, passport and national ID details, health-related information, and IBANs.
In compliance with GDPR requirements, Eurail reported the breach to the appropriate data protection authority. The company emphasized that, at this time, there is no evidence of misuse or public disclosure of the stolen data. External cybersecurity specialists are continuing to monitor the situation.
Authorities have advised potentially affected travelers to remain alert for phishing attempts, identity fraud, spoofing, and unauthorized account access, given the sensitivity of the exposed information.
Eurail has confirmed that it has secured the impacted systems, rotated access credentials, and strengthened security monitoring controls. The company is continuing its investigation alongside cybersecurity experts and regulatory bodies to fully assess the scope and root cause of the breach.
The incident underscores the growing cybersecurity risks facing the travel and transportation sector, particularly organizations handling large volumes of sensitive traveler and identity data.
