{"id":546463,"date":"2026-04-23T13:31:08","date_gmt":"2026-04-23T13:31:08","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/546463\/"},"modified":"2026-04-23T13:31:08","modified_gmt":"2026-04-23T13:31:08","slug":"some-interrail-travellers-told-to-cancel-passports-as-hacked-data-posted-online-cybercrime","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/546463\/","title":{"rendered":"Some Interrail travellers told to cancel passports as hacked data posted online | Cybercrime"},"content":{"rendered":"<p class=\"dcr-130mj7b\">Holidaymakers across <a href=\"https:\/\/www.theguardian.com\/world\/europe-news\" data-link-name=\"in body link\" data-component=\"auto-linked-tag\" rel=\"nofollow noopener\" target=\"_blank\">Europe<\/a> are facing the stress and expense of getting new passports after their personal data was posted on the dark web after a hack of the Interrail company Eurail.<\/p>\n<p class=\"dcr-130mj7b\">Personal data, including passport numbers, names, phone numbers, email and home addresses and dates of birth of more than 300,000 European travellers was accessed in December. But this week Eurail revealed to customers that \u201cdata copied during the security incident has been offered for sale on the dark web and a sample dataset has been published on Telegram\u201d.<\/p>\n<p class=\"dcr-130mj7b\">The announcement has led to renewed anger and confusion. The UK <a href=\"https:\/\/www.theguardian.com\/uk-news\/passport-office\" data-link-name=\"in body link\" data-component=\"auto-linked-tag\" rel=\"nofollow noopener\" target=\"_blank\">Passport Office<\/a> has told at least one customer they needed to \u201ccancel their passport to prevent it being used for fraudulent activity\u201d, with the Home Office agency also indicating they needed to pay the full \u00a3102 fee for a replacement.<\/p>\n<p class=\"dcr-130mj7b\">Another affected customer in Denmark said they had been obliged to cancel their passport, with a replacement likely to cost more than \u00a3200.<\/p>\n<p class=\"dcr-130mj7b\">\u201cIts an absolute nightmare,\u201d said one customer who had her details hacked, as did another member of her holiday group that travelled from Penzance to Naples last summer. She said the news that the data was for sale on the dark web \u201cdid freak me out\u201d, and she was worried about getting a new passport in time for her summer travel plans.<\/p>\n<p class=\"dcr-130mj7b\">\u201cI genuinely have no idea how serious this is,\u201d she said, requesting anonymity. \u201cDo I really need to spend my money doing all this? No one wants to spend \u00a3100 when they don\u2019t have to. If the official advice is to get a new passport, there does need to be some sort of compensation.\u201d<\/p>\n<p class=\"dcr-130mj7b\">Eurail is the Dutch company that sells Interrail passes that people use for holidays across Europe. A seven-day pass allowing rail travel in 33 countries from the northern tip of Norway to the southern shores of Turkey costs \u20ac286 for people aged up to 28, \u20ac381 for 28- to 59-year-olds and \u20ac343 for people 60 and over. Two children under 12 can travel free with an adult.<\/p>\n<p class=\"dcr-130mj7b\">Gerard Tubb, 64, a former broadcast journalist from Yorkshire who had bought Interrail tickets to travel with his wife to the south of France last year, had his data stolen. He said: \u201cThe concern is what can people do with that amount of information. It seems an awful lot \u2013 everything to persuade someone they are me.\u201d<\/p>\n<p class=\"dcr-130mj7b\">Eurail told affected customers this week to \u201cremain extra vigilant for unexpected or suspicious phone calls, emails, or text messages asking for personal information\u201d and to update the password they use to access the Rail Planner app and change email, social media and banking passwords.<\/p>\n<p class=\"dcr-130mj7b\">\u201cWe take the security of your data seriously and regret any concern this incident may cause,\u201d it said.<\/p>\n<p class=\"dcr-130mj7b\">But Tubb said: \u201cThey didn\u2019t take the security of my data seriously and what value is the regret? Who is going to pick up the pieces if someone uses that material?\u201d<\/p>\n<p class=\"dcr-130mj7b\">Writing <a href=\"https:\/\/www.reddit.com\/r\/Interrail\/comments\/1rucip9\/what_happened_to_the_severe_data_breach_at\/\" data-link-name=\"in body link\" rel=\"nofollow noopener\" target=\"_blank\">on Reddit<\/a>, another affected customer said: \u201cI am currently an exchange student in different country so I can\u2019t even get a new passport so I am scared.\u201d Another said: \u201cIs there a way we can collectively get together to get compensation. At least some compensation to get a new passport would be nice.\u201d<\/p>\n<p class=\"dcr-130mj7b\">One user said they had written to Eurail\u2019s chief executive in the Netherlands demanding compensation under article 82 of the General Data Protection Regulation (GDPR). Eurail and the <a href=\"https:\/\/www.theguardian.com\/politics\/home-office\" data-link-name=\"in body link\" data-component=\"auto-linked-tag\" rel=\"nofollow noopener\" target=\"_blank\">Home Office<\/a> have been approached for comment.<\/p>\n<p class=\"dcr-130mj7b\">Eurail said it was still in the process of notifying affected customers, but said all of those whose details appeared in the sample dataset published on Telegram had been informed.<\/p>\n<p class=\"dcr-130mj7b\">\u201cPreventing and mitigating any potential impact on our customers remains our highest priority,\u201d a spokesperson said. \u201cAs part of our response, we are advising customers to remain vigilant for suspicious communications, update their passwords and monitor their accounts for any unusual activity. We apologise for the unease this incident may cause and remain committed to protecting our customers\u2019 data.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"Holidaymakers across Europe are facing the stress and expense of getting new passports after their personal data was&hellip;\n","protected":false},"author":2,"featured_media":546464,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[59,86,56,54,55],"class_list":{"0":"post-546463","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-gb","9":"tag-technology","10":"tag-uk","11":"tag-united-kingdom","12":"tag-unitedkingdom"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/546463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=546463"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/546463\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media\/546464"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media?parent=546463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=546463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=546463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}