European railway pass operator Eurail B.V. has confirmed that data stolen in a breach earlier this year is now being sold on the dark web. Eurail, which provides access to over 250,000 kilometers of European railways through its Eurail and Interrail passes, said the stolen data includes traveler information from pass purchases. The company has begun notifying affected customers.
Learn how to protect yourself from identity theft after a data breach on OpenClassActions.com.
What Happened
Eurail disclosed that attackers breached its systems and stole customer data, which is now confirmed to be available for sale on dark web marketplaces. The stolen data is believed to include names, email addresses, passport information, and travel booking details. For travelers who purchased Eurail or Interrail passes, the exposure of passport data is particularly concerning.
Eurail passes are popular with American tourists traveling in Europe, meaning the breach likely affects U.S. residents as well as European travelers. The company has not disclosed the total number of affected customers.
Who Is Affected
Anyone who purchased a Eurail or Interrail pass and provided personal information during the booking process may be affected. This includes travelers who booked directly through Eurail’s website or authorized resellers.
What You Should Do
If you purchased a Eurail or Interrail pass, change your account password and monitor your email for a breach notification from the company. Because passport data may have been exposed, consider monitoring your passport for unauthorized use and report any suspected misuse to the U.S. State Department (for American travelers) or your country’s passport authority. Be especially cautious of phishing emails referencing European travel or Eurail promotions.
This article is for informational purposes only and does not constitute legal advice. Written by Steve Levine for OpenClassActions.org.