Australian travellers may be caught up in Euro rail pass data breach

King Charles delivers toast at state dinner

Travellers' private information such as phone numbers, passport numbers, email and home addresses, full names and dates of birth were collected in the breach in December.

This month, Eurail BV sent an update email to customers announcing that "data copied during the security incident has been offered for sale on the dark web and a sample dataset has been published on Telegram".

Eurail informs customers that data has been

Many travellers who have been notified are confused on how to treat the incident with some considering replacing passports.

Eurail is a Netherlands-based firm that offers flexible train passes to different age groups, including week-long passes to jump on trains in 33 countries priced just under $500 for people aged 12-27.

In 2024, Eurail released stats showing Australia as the company's second largest market globally after the US, with 57,000 Australians using the train pass that year and travelling an average of 1652 kilometres by rail.

Jody Bauer, senior research analyst at Eurail, said: "Aussies are hugely important travellers for Eurail, with some interesting findings reflected in 2024 full year data.

"For starters, despite cost-of-living concerns at home, Australian Youth travellers (those aged 12-27) dominated, representing 43 per cent of all Australian passholders last year."

Bauer added, "the share of Australian Youth travellers has jumped from just 32 per cent pre-COVID (2019) to 43 per cent last year (2024)".

In the initial email about the data breach sent in early January, customers were told that "an unauthorised person gained access to part of our customer database".

"This means that someone outside Eurail has been able to access certain customer details.

"Preventing and mitigating negative consequences for you is our highest priority.

"Criminals may attempt to misuse your data.

"Therefore, we advise you to remain extra vigilant for unexpected or suspicious phone calls, emails, or text messages asking you for personal information."

Eurail informed customers that

Nearly four months later, the company said it was working to secure its systems and was investigating "with the support of external cybersecurity specialists and legal advisors".

"In addition, we have unfortunately learned that data copied during the security incident has been offered for sale on the dark web and a sample data set has been published on Telegram."

They gave general recommendations for a data breach situation, including changing passwords used for email, social media, and banking, and monitoring for any unusual transitions or suspicious activity.

You can safely travel overseas, even if your passport has been involved in a data breach.

The Department of Foreign Affairs and Trade suggests three options for Australians involved in a data breach.

Firstly, you can choose to remain using your passport as it will stay valid for travel.

Secondly, you can apply to either replace your passport if it has more than two years before expiring, possibly with a reduced fee.

However, if it has less than two years you can renew your passport by paying the fee.

Finally, you can send a request to the Australian Passport Office to cancel your passport immediately.

DFAT made it clear that you can still travel safely overseas if involved in a data breach because a physical passport is needed to travel under your identity.

NEVER MISS A STORY: Get your breaking news and exclusive stories first by following us across all platforms.