## Eurail Confirms Data Breach and Dark Web Leak **Eurail B.V.** has notified U.S. regulators and affected individuals about a significant data breach that compromised the personal information of 308,777 people. The company, owned by over 35 European railway and ferry companies, provides passes for travelers using Europe's rail system. The breach occurred on December 26th, when hackers gained access to **Eurail's** systems and copied data. A spokesperson confirmed that the stolen data has been offered for sale on the dark web, with a sample dataset already published on Telegram. Customers whose data was included in the sample are being directly notified. ## Stolen Data and Unmet Ransom Demands The letters sent to victims in states like Oregon, Texas, and California, indicate that names and passport numbers were among the stolen data. In February, a hacker claimed responsibility for the attack, alleging the theft of 1.3 TB of data, including source code, database backups, and Zendesk support tickets. The hacker stated that **Eurail** declined to negotiate a ransom, prompting them to publicize the theft. ## Impact on DiscoverEU Program The data breach also had repercussions for the **DiscoverEU** program, a separate travel initiative. **DiscoverEU** issued a statement warning participants that their data, including names, ages, passport information, photocopies of passports, addresses, bank account numbers, and some health data, was likely compromised in the breach. ## Eurail's Response **Eurail**, which has been in operation since 1959, has reported the incident to European Union data protection authorities and other agencies outside the EU. The company is urging customers to be cautious of unsolicited contact requesting personal information and advising them to change passwords associated with their Rail Planner app.