EURAIL has confirmed that the stolen data is up for sale, with the company stating it is investigating how many individuals are affected as the breach unfolds. SecurityWeek reports that hackers claim to have stolen roughly 1.3 TB of data from AWS S3, Zendesk and GitLab, and that the stolen information includes Eurail source code, support tickets and database backups.
The hackers say the database backups contain the personal information of “millions of Eurail/Interrail customers”, including names, dates of birth, phone numbers, email addresses, postal addresses and passport information, and negotiations with Eurail have allegedly failed. According to the cybercriminals, several of the offered files appear to contain between 50,000 and 17 million records, with sample data shared on a Telegram channel and the data also appearing on a surface web site.
Eurail said late last week that the stolen data is up for sale on the dark web, and SecurityWeek notes that the group claims to have access to Eurosian data stored across multiple services. Written by Eduard Kovacs, 17 February 2026, according to SecurityWeek.