Eurail B.V., the company that manages the Interrail card, has revealed that a data breach occurred in which personal information of customers has most likely been exfiltrated.
-
Eurail B.V. suffered a data security incident affecting an unknown number of customers across Interrail, Eurail, and the EU's DiscoverEU program, with unauthorized access to customer databases.
-
Personal information likely stolen includes names, email addresses, phone numbers, home addresses, dates of birth, and in some cases, passport/ID copies, bank account numbers (IBANs), and health data.
-
While the breach has been confirmed and reported to data protection authorities, there is currently no evidence that the stolen data has been publicly disclosed or misused.
Eurail claims that a “data security incident” within its Interrail systems resulted in unauthorized access to customer data. Interrail is a pass that allows Europeans unlimited travel by train within 33 European countries.
Personal information was stored in the database, including first and last names, email addresses, phone numbers, home addresses, and dates of birth. In some cases, copies of passports or ID documents, as well as bank account reference numbers (IBAN), may have been involved.
“Following the discovery, we immediately began work to secure our systems and initiated an investigation with the support of external cybersecurity specialists and legal advisors,” Eurail said in a public statement.
An investigation has been launched to determine the scope of the incident and the potential impact on customers. The number of affected customers remains unclear at this time.
In addition to Eurail and Interrail customers, the security incident also affects DiscoverEU travelers. DiscoverEU is a European Union initiative that enables young people to obtain a travel pass.
The European Commission states that the potentially stolen data consists of names, dates of birth, copies of passports or identity cards, email addresses, address details, telephone numbers, account numbers, and health data.
The incident has been reported to the data protection authority. Relevant data protection authorities outside of the EU are currently being informed of the incident. The same goes for affected customers.
According to Eurail, there’s currently no evidence that the data has been misused or publicly disclosed. External cybersecurity specialists are continuously monitoring the situation.
Victims are advised to change passwords associated with their email addresses, social media accounts, and banking accounts. Additionally, they should be vigilant for phishing attempts and closely monitor any unusual transactions in their bank account. If any of their personal information is used maliciously, they should report this to a competent data protection authority.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked