More than 300,000 Interrail passengers have had their personal data compromised in a significant security breach affecting Eurail BV, the company behind the popular rail pass. The breach has exposed sensitive information, including passport numbers, contact details, bank account references, and health data.
Scope of the Breach
The compromised data also impacts participants in the European Union's DiscoverEU programme, which offers free travel passes to young Europeans. According to Eurail, the stolen information has been leaked and offered for sale on the dark web, with a sample dataset published on the Telegram messaging platform. The company has concluded its investigation and is now notifying affected customers.
Eurail has clarified that it does not store bank or credit card details, nor visual copies of passports. However, the breach still poses significant risks to those affected.
Official Response
The Home Office has stated that it is up to individual passport holders to decide whether to replace their passports if details are compromised, highlighting the robust security features of British passports. Both Eurail and DiscoverEU advise customers to remain vigilant for suspicious communications, update passwords for related accounts, and monitor bank accounts closely.
Some affected individuals are seeking compensation for the cost of replacing passports, as the breach has raised concerns about identity theft and financial fraud.
