Data security incident

Utrecht, The Netherlands, 10 January 2026

Eurail B.V. has unfortunately experienced a security breach within our systems that resulted in unauthorized access to customer data. Following the discovery, we immediately began work to secure our systems and initiated an investigation with the support of external cybersecurity specialists and legal advisors. We take this matter very seriously and are currently conducting a thorough investigation to determine the full scope of the incident and its potential impact on customers, which includes participants of the European Commission’s DiscoverEU action. 

The investigation is still ongoing. For Eurail and Interrail customers, our early review suggests that the data involved may include customer order and reservation information, including basic identity and contact details and, where provided, passport information. For DiscoverEU customers please refer to this statement.

The ongoing investigation will need to provide more information about the precise categories of personal data which are involved and to what extent personal data has also been copied from our customer database. There is currently no evidence that the data has been misused or publicly disclosed. This is consistently being monitored by external cybersecurity specialists.  

The incident has been reported to the data protection authority in line with European Union GDPR requirements, and we are in the process of notifying all other relevant data protection authorities outside of the EU (as required by law).  

Customers whose data may have been accessed will be informed directly. We take the security of our customers’ information seriously and regret any concern this incident may cause.  

For customer questions, please refer to the FAQs available via Eurail’s customer support centre, or contact privacyhelp@eurail.com