HACKERS are selling stolen Eurail traveler information on the dark web, following a breach Eurail B.V. disclosed earlier this year. Eurail B.V. confirmed that data affected by the security incident has been offered for sale on the dark web and that a sample data set has been published on Telegram, with the company continuing its investigation.
According to Eurail B.V., the breach may involve order and reservation details, basic identity and contact data, travel companion information, and in some cases passport numbers and expiry dates, with data such as name, date of birth, passport or ID information, email address, postal address, country of residence, phone number, IBAN and health information potentially affected.
The company stressed that it does not store payment card data or passport copies, and it is notifying authorities in line with GDPR requirements. The breach also affected participants in the European Commission’s DiscoverEU programme, and Eurail urged customers to monitor accounts and be vigilant for suspicious requests for information.