Eurail confirms data breach affecting 300,000 customers

Eurail Group confirmed a data breach on Friday after customer information surfaced on dark web forums. The leaked records include names, email addresses, and partial payment details of nearly 300,000 users. Security researchers first detected the breach in late October during routine monitoring of underground markets. The company stated that hackers accessed the data through a vulnerability in its customer portal. Eurail has since patched the flaw and notified affected users via email. A spokesperson said the breach did not compromise travel itineraries or passwords, but urged customers to monitor accounts for suspicious activity. Norwegian police cybercrime unit Kripos confirmed it is investigating the incident in collaboration with Europol. Investigators are tracing the source of the leak to a server in Eastern Europe. No ransom demand has been made public, and the motive behind the breach remains unclear. Eurail Group operates the Interrail and Eurail Pass ticketing systems used by millions annually. The company processes payments for train travel across 33 European countries. Affected customers can request free credit monitoring through the company’s support portal. Industry analysts warn that dark web markets increasingly target travel platforms due to the volume of stored personal data. Similar breaches have hit airlines and hotel chains in recent years, often leading to phishing campaigns and identity theft. Source: digi.no