HM Passport Office has advised UK tourists to cancel their passports following a major data breach at Eurail, the company behind Interrail passes. The breach, which occurred in December, has put approximately 300,000 travellers at risk of identity fraud.
Data Offered for Sale on Dark Web
Eurail confirmed that customer data stolen during the security incident is now being offered for sale on the dark web. A sample dataset has also been published on Telegram. The UK Passport Office has instructed at least one affected customer to cancel their passport to prevent fraudulent use.
Customer Reactions
One customer described the situation as an "absolute nightmare," while another expressed uncertainty about the severity of the breach. A third affected traveller questioned whether they should spend money on a new passport, stating, "No one wants to spend £100 when they don't have to." Another customer, currently an exchange student abroad, said they cannot obtain a new passport and feel scared.
Customers are calling for compensation to cover the cost of replacing passports. One Reddit user asked, "Is there a way we can collectively get together to get compensation? At least some compensation to get a new passport would be nice."
Company Response
Eurail has urged affected customers to remain vigilant against suspicious phone calls, emails, or text messages requesting personal information. The company stated, "We take the security of your data seriously and regret any concern this incident may cause." However, Eurail declined to share further details about the breach, which occurred on December 26 when hackers copied data from their systems.
A spokesperson confirmed that customers whose data was included in the sample dataset are being informed directly where contact details are available.
