Utrecht-based Eurail BV has acknowledged that customer information has been involved in a cybersecurity incident. According to an official statement, an unauthorized person gained access to the company’s customer database.

The following data may be affected:

• Identification data: First name, last name, date of birth, gender
• Contact details: Email address, home address, telephone number
• Passport details: Passport number, country of issue and expiry date

No evidence of data misuse so far

No further details about the attack are available. According to Eurail, the investigation is ongoing. But at this time there is no indication the data was misused or publicly shared.

According to the rail travel provider, Interrail Pass customers’ identification documents are not copied, only the data they provide is stored. However, this does not apply to all customers. Those who have purchased a ticket through the DiscoverEU program must also be aware that copies of their identification documents, IBAN numbers, and health data may have fallen into the wrong hands, according to a separate statement from the European Union.

Eurail warns of the consequences of attacks

Eurail advises its customers to remain vigilant: Attackers could use the stolen data to launch phishing or fraudulent schemes, and identity theft is also a possibility. The company has also set up a FAQ page to offer further support. In addition, the provider recommends changing the passwords for Rail Planner apps, email accounts, social media accounts, and online banking links.