Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web.
The company said that a threat actor also published a sample of the data on the Telegram messaging platform but it is still trying to determine the type of records and number of customers affected.
Eurail B.V. is a Netherlands-based firm that manages and sells passes (Eurail and Interrail) for train travel across Europe, offering flexibility for multi-country trips.
Its passes are also very popular among young European travelers participating in the EU’s DiscoverEU program.
Last month, the company disclosed that it suffered a data breach when threat actors gained unauthorized access to its customer database, compromising sensitive information, including full names, passport details, ID numbers, bank account IBANs, health information, and contact details (email addresses, phone numbers).
“We have become aware that the data has been offered for sale on the dark web and a sample data set has been published on Telegram.
“We are currently investigating which specific data records or how many of the affected customers this concerns,” reads Eurail’s update.
Eurail states that it continues the investigation to determine exactly what data was compromised for each affected customer, and will send individual notifications for those impacted.
Meanwhile, concerned data protection authorities have been notified in accordance with the GDPR requirements, and authorities outside the EU will be alerted soon.
Customers who may have had their information exposed in this incident should be vigilant to potential phishing and scam attempts.
Eurail suggests that customers update their Rail Planner app account passwords and reset them on any other platform where they use the same credentials.
Also, customers should monitor their bank account activity closely and report any suspicious transactions to their bank immediately.
A FAQ page has been published to support customers, and any concerns may also be addressed directly via email to privacyhelp@eurail.com.
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.