Eurail Data Breach Exposes Passport Numbers of More Than 300,000 People


What happened

A Eurail data breach exposed the personal information of 308,777 people after hackers copied data from the company’s systems on Dec. 26, 2025. Eurail disclosed the incident to U.S. regulators this week and said some of the stolen data has been offered for sale on the dark web, with a sample dataset also published on Telegram. The company confirmed that customers whose personal data appeared in the sample are being informed directly where contact details are available. Breach notices filed in multiple U.S. states say the exposed information included names and passport numbers. A hacker separately claimed in February to have stolen 1.3 terabytes of data, including source code, database backups, and Zendesk support tickets. 

Who is affected

The direct exposure affects Eurail customers whose names and passport numbers were included in the compromised data. The incident also had downstream impact on DiscoverEU, which said affected information may include names, ages, passport details, passport photocopies, addresses, bank account numbers, and some health data. 

Why CISOs should care

This incident matters because it involves identity-sensitive travel data, including passport information, and appears to have extended into connected programs beyond Eurail itself. It also shows how a breach in a travel platform can create follow-on fraud and impersonation risk when stolen data is publicly advertised and sample records are published online. 

3 practical actions

  1. Scope identity-document exposure precisely: Confirm whether passport numbers, passport copies, and other travel-related identity records were present in the affected systems, since those data types can drive higher-risk follow-on abuse. 
  2. Assess downstream program impact: Review whether connected travel programs, partners, or customer support platforms hold overlapping data that could expand the breach beyond the primary victim environment. 
  3. Prepare customers for follow-on abuse: Warn affected users to watch for suspicious requests for personal information and secure credentials tied to travel accounts and apps. 


John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.