Amtrak Guest Reward suffers a data breach

Amtrak discloses unauthorized third-party access to Amtrak Guest Rewards accounts

The National Railroad Passenger Corporation, also known as Amtrak, revealed that some of its customers had their personal information and user credentials stolen after the company detected unauthorized third-party access to Amtrak Guest Rewards accounts. The breach was discovered by Amtrak on April 16 and was revealed in a letter to the Attorney General's Office of Vermont.

“On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts,” the letter explains. “We have determined that compromised usernames and passwords were used to access certain accounts and some personal information may have been viewed. No financial data, credit card information or Social Security numbers were compromised.”

Amtrak’s IT security team was able to terminate the unauthorized access within hours and has since reset passwords for all impacted accounts. External cybersecurity professionals and law enforcement are investigating the source of the breach. In a statement, Amtrak explained it’s "[taking] this matter very seriously and is taking steps to help prevent incidents like this from happening again." 

In response to the data breach, Amtrak is also offering to pay for a year’s membership to Experian’s IdentityWorks fraud-monitoring service. To take advantage of Amtrak’s offer, affected users must visit the Experian IdentityWorks website to enroll by Aug. 31. By enrolling in the program, affected customers will receive complimentary access to credit monitoring and identity restoration services.

This isn’t the first time Amtrak has notified authorities of a suspected breach. In 2018, Amtrak reported Orbitz had suffered a security incident exposing customers’ personal information. Then, in 2019, Amtrak discovered critical vulnerabilities within its mobile app. Had hackers exposed the vulnerabilities, it could have led to a breach of six million Amtrak Guest Rewards accounts, researchers said at the time.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021
TikTok phishing campaign tried to scam over 125 influencer accounts
social media

TikTok phishing campaign tried to scam over 125 influencer accounts

18 Nov 2021
Alibaba ECS instances targeted in new cryptojacking campaign
cryptocurrencies

Alibaba ECS instances targeted in new cryptojacking campaign

16 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022