300,000 Interrail Travelers Forced to Cancel Passports After Eurail Data Breach Exposed on Dark Web
Key Takeaways
- ▸Personal data of 300,000+ European Interrail passengers was compromised in a December 2024 breach and is now being offered for sale on the dark web
- ▸UK Passport Office and other European authorities have advised or required affected customers to cancel passports and purchase replacements at full cost (£102+ in UK, £200+ in Denmark)
- ▸Eurail's delayed notification about the dark web publication has compounded customer frustration, with many demanding compensation under GDPR Article 82
Summary
Eurail, the Dutch company that sells Interrail rail passes for European travel, has announced that personal data stolen in a December security breach affecting over 300,000 travelers has been posted for sale on the dark web and shared on Telegram. The compromised data includes passport numbers, names, phone numbers, email addresses, home addresses, and dates of birth. Following the revelation, affected travelers across Europe—including those in the UK and Denmark—have been advised or required by passport authorities to cancel their passports and obtain costly replacements, with some facing bills exceeding £200. The incident has sparked significant customer backlash, with travelers demanding compensation and expressing concerns about identity theft and the cost burden of replacing travel documents ahead of planned summer holidays.
- Affected travelers face significant financial and logistical burdens, with some unable to obtain replacement passports in time for summer travel plans
