DATA BREACHES Hackers Offer to Sell Millions of Eurail User Records Eurail has confirmed that the stolen data is up for sale, but it’s still trying to determine how many individuals are impacted. By Eduard Kovacs | February 17, 2026 (10:27 AM ET) Flipboard Reddit Whatsapp Email European rail pass provider Eurail has confirmed that customer data stolen recently by hackers has been offered for sale. The Netherlands-based company disclosed a data breach in mid-January, informing the public that the personal, order, and travel reservation information of customers who were issued a Eurail pass may have been compromised. Those who reserved a seat through Eurail may also be affected. Eurail said at the time that hackers accessed systems storing basic identity and contact information, along with passport data. In the case of individuals who received a DiscoverEU pass, compromised information can also include passport copies, health data, and bank account numbers. In an update shared late last week, Eurail said the stolen data is up for sale on the dark web, with sample data shared on a Telegram channel. “We are currently investigating which specific data records or how many of the affected customers this concerns,” the company said. ADVERTISEMENT. SCROLL TO CONTINUE READING. While Eurail says the data has been offered for sale on the dark web, SecurityWeek has also seen it on a surface web cybercrime site. The hackers claim to have stolen roughly 1.3 TB of data from AWS S3, Zendesk, and GitLab instances. According to the cybercriminals, the stolen data includes Eurail source code from GitLab, support tickets from Zendesk, and database backups from AWS S3. The hackers claim the database backups include the personal information of “millions of Eurail/Interrail customers”, including names, dates of birth, phone numbers, email addresses, postal addresses, and passport information. On their Telegram channel the hackers said negotiations with Eurail have failed and they plan on publicly releasing all the stolen data if they don’t find a buyer. “If the company would like to prevent publication/sale of this data, they can resume negotiation,” they said. Based on SecurityWeek’s analysis, several of the database files offered for sale appear to have between 50,000 and 17 million records. Related: Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data Breaches Related: Dutch Carrier Odido Discloses Data Breach Impacting 6 Million Related: Conduent Breach Hits Volvo Group: Nearly 17,000 Employees’ Data Exposed WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Microsoft Warns of ClickFix Attack Abusing DNS Lookups Google Patches First Actively Exploited Chrome Zero-Day of 2026 Check Point Announces Trio of Acquisitions Amid Solid 2025 Earnings Beat BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release China Revives Tianfu Cup Hacking Contest Under Increased Secrecy Hacktivists, State Actors, Cybercriminals Target Global Defense Industry, Google Warns Conduent Breach Hits Volvo Group: Nearly 17,000 Employees’ Data Exposed Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD Latest News Cyber Insights 2026: The Ongoing Fight to Secure Industrial Control Systems API Threats Grow in Scale as AI Expands the Blast Radius Man Linked to Phobos Ransomware Arrested in Poland 3 Threat Groups Started Targeting ICS/OT in 2025: Dragos Password Managers Vulnerable to Vault Compromise Under Malicious Server Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data Breaches Android 17 Beta Strengthens Secure-by-Default Design for Privacy and App Security CISA Navigates DHS Shutdown With Reduced Staff TRENDING Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit PEOPLE ON THE MOVE Robert Carvajal has been appointed as CISO of BayCare Health System. KnowBe4 announced the appointment of Kelly Morgan as Chief Customer Officer. CrowdStrike has named Jonathon Dixon as vice president and managing director for the JAPAC region. More People On The Move EXPERT INSIGHTS How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) The Upside Down is Real: What Stranger Things Teaches Us About Modern Cybersecurity To all those who are fighting the good fight in the world of cyber, keep collaborating to ensure our world never succumbs to the chaos of the Upside Down. (Nadir Izrael) Flipboard Reddit Whatsapp Email