Amtrak Guest Reward suffers a data breach

Amtrak discloses unauthorized third-party access to Amtrak Guest Rewards accounts

The National Railroad Passenger Corporation, also known as Amtrak, revealed that some of its customers had their personal information and user credentials stolen after the company detected unauthorized third-party access to Amtrak Guest Rewards accounts. The breach was discovered by Amtrak on April 16 and was revealed in a letter to the Attorney General's Office of Vermont.

“On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts,” the letter explains. “We have determined that compromised usernames and passwords were used to access certain accounts and some personal information may have been viewed. No financial data, credit card information or Social Security numbers were compromised.”

Amtrak’s IT security team was able to terminate the unauthorized access within hours and has since reset passwords for all impacted accounts. External cybersecurity professionals and law enforcement are investigating the source of the breach. In a statement, Amtrak explained it’s "[taking] this matter very seriously and is taking steps to help prevent incidents like this from happening again." 

In response to the data breach, Amtrak is also offering to pay for a year’s membership to Experian’s IdentityWorks fraud-monitoring service. To take advantage of Amtrak’s offer, affected users must visit the Experian IdentityWorks website to enroll by Aug. 31. By enrolling in the program, affected customers will receive complimentary access to credit monitoring and identity restoration services.

This isn’t the first time Amtrak has notified authorities of a suspected breach. In 2018, Amtrak reported Orbitz had suffered a security incident exposing customers’ personal information. Then, in 2019, Amtrak discovered critical vulnerabilities within its mobile app. Had hackers exposed the vulnerabilities, it could have led to a breach of six million Amtrak Guest Rewards accounts, researchers said at the time.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020

Most Popular

Windows XP source code allegedly leaked online
Microsoft Windows

Windows XP source code allegedly leaked online

25 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020