"European rail pass provider Eurail has confirmed that customer data stolen recently by hackers has been offered for sale. The Netherlands-based company disclosed a data breach in mid-January, informing the public that the personal, order, and travel reservation information of customers who were issued a Eurail pass may have been compromised. Those who reserved a seat through Eurail may also be affected."
"The hackers claim to have stolen roughly 1.3 TB of data from AWS S3, Zendesk, and GitLab instances. According to the cybercriminals, the stolen data includes Eurail source code from GitLab, support tickets from Zendesk, and database backups from AWS S3. The hackers claim the database backups include the personal information of "millions of Eurail/Interrail customers", including names, dates of birth, phone numbers, email addresses, postal addresses, and passport information."
Eurail disclosed a mid-January data breach in which hackers accessed systems storing customer identity, contact, passport, order, and travel reservation information. Individuals who received DiscoverEU passes may have had passport copies, health data, and bank account numbers compromised. Stolen data reportedly includes approximately 1.3 TB of files from AWS S3, Zendesk, and GitLab, encompassing source code, support tickets, and database backups. Hackers claim the backups contain personal details for millions of Eurail/Interrail customers. Sample data has appeared on a Telegram channel and a surface web cybercrime site. Hackers say negotiations failed and warn they will publicly release or sell the data if no buyer is found. Eurail is investigating the extent and number of affected customers.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]