Amtrak Guest Reward suffers a data breach

Amtrak discloses unauthorized third-party access to Amtrak Guest Rewards accounts

The National Railroad Passenger Corporation, also known as Amtrak, revealed that some of its customers had their personal information and user credentials stolen after the company detected unauthorized third-party access to Amtrak Guest Rewards accounts. The breach was discovered by Amtrak on April 16 and was revealed in a letter to the Attorney General's Office of Vermont.

“On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts,” the letter explains. “We have determined that compromised usernames and passwords were used to access certain accounts and some personal information may have been viewed. No financial data, credit card information or Social Security numbers were compromised.”

Amtrak’s IT security team was able to terminate the unauthorized access within hours and has since reset passwords for all impacted accounts. External cybersecurity professionals and law enforcement are investigating the source of the breach. In a statement, Amtrak explained it’s "[taking] this matter very seriously and is taking steps to help prevent incidents like this from happening again." 

In response to the data breach, Amtrak is also offering to pay for a year’s membership to Experian’s IdentityWorks fraud-monitoring service. To take advantage of Amtrak’s offer, affected users must visit the Experian IdentityWorks website to enroll by Aug. 31. By enrolling in the program, affected customers will receive complimentary access to credit monitoring and identity restoration services.

This isn’t the first time Amtrak has notified authorities of a suspected breach. In 2018, Amtrak reported Orbitz had suffered a security incident exposing customers’ personal information. Then, in 2019, Amtrak discovered critical vulnerabilities within its mobile app. Had hackers exposed the vulnerabilities, it could have led to a breach of six million Amtrak Guest Rewards accounts, researchers said at the time.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

100 million IoT devices affected by zero-day flaw
Internet of Things (IoT)

100 million IoT devices affected by zero-day flaw

24 Sep 2021
New FamousSparrow hacking group caught targeting hotels
vulnerability

New FamousSparrow hacking group caught targeting hotels

24 Sep 2021
Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme
hacking

Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme

10 Sep 2021
IoT devices are more vulnerable than ever
Internet of Things (IoT)

IoT devices are more vulnerable than ever

10 Sep 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021