Eurail B.V, the company behind the Interrail pas allowing train travel across Europe, has announced a data security incident after unauthorised access was detected in its systems. This potentially exposed customer order, reservation, and passport information. The Utrecht-based company announced the breach on January 10, stating that an investigation is underway with support from cybersecurity specialists and legal advisors.
The investigation remains ongoing, and Eurail has not yet confirmed whether data was copied or misused. “There is currently no evidence that the data has been misused or publicly disclosed,” the company stated, adding that external cybersecurity specialists are monitoring the situation. According to Eurail, an early review suggests the data involved may include customer order and reservation information, including basic identity and contact details and, where provided, passport information.
EU youth programme affected
The European Commission announced in a statement that the breach extends to participants in the DiscoverEU program, financed under Erasmus+. According to its European Youth Portal, compromised data may include names, passport details, bank account references (IBAN), and health information. While no misuse has been detected so far, the Commission warned of potential risks, including phishing attempts and identity theft.
It advised DiscoverEU travellers to change passwords, monitor bank transactions, and report suspicious activity. The European Data Protection Supervisor has been notified, and updates will be shared as the investigation progresses. Eurail has secured affected systems, reset access credentials, and enhanced monitoring, according to the statement.
A reminder of digital risks
Eurail has reported the incident to the Dutch data protection authority in compliance with EU GDPR requirements and is notifying other relevant regulators outside the EU. Affected customers will be contacted directly as more details emerge. The company regretted any concern caused and reiterated its commitment to data security.
The incident serves as a stark reminder of the vulnerabilities in digital systems, even for established travel services. For now, customers are advised to monitor communications from Eurail and remain vigilant for any suspicious activity related to their personal data.
Read more: