Amtrak Guest Reward suffers a data breach
Amtrak discloses unauthorized third-party access to Amtrak Guest Rewards accounts
The National Railroad Passenger Corporation, also known as Amtrak, revealed that some of its customers had their personal information and user credentials stolen after the company detected unauthorized third-party access to Amtrak Guest Rewards accounts. The breach was discovered by Amtrak on April 16 and was revealed in a letter to the Attorney General's Office of Vermont.
“On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts,” the letter explains. “We have determined that compromised usernames and passwords were used to access certain accounts and some personal information may have been viewed. No financial data, credit card information or Social Security numbers were compromised.”
Amtrak’s IT security team was able to terminate the unauthorized access within hours and has since reset passwords for all impacted accounts. External cybersecurity professionals and law enforcement are investigating the source of the breach. In a statement, Amtrak explained it’s "[taking] this matter very seriously and is taking steps to help prevent incidents like this from happening again."
In response to the data breach, Amtrak is also offering to pay for a year’s membership to Experian’s IdentityWorks fraud-monitoring service. To take advantage of Amtrak’s offer, affected users must visit the Experian IdentityWorks website to enroll by Aug. 31. By enrolling in the program, affected customers will receive complimentary access to credit monitoring and identity restoration services.
This isn’t the first time Amtrak has notified authorities of a suspected breach. In 2018, Amtrak reported Orbitz had suffered a security incident exposing customers’ personal information. Then, in 2019, Amtrak discovered critical vulnerabilities within its mobile app. Had hackers exposed the vulnerabilities, it could have led to a breach of six million Amtrak Guest Rewards accounts, researchers said at the time.
Preparing for long-term remote working after COVID-19
Learn how to safely and securely enable your remote workforceDownload now
Cloud vs on-premise storage: What’s right for you?
Key considerations driving document storage decisions for businessesDownload now
Staying ahead of the game in the world of data
Create successful marketing campaigns by understanding your customers betterDownload now
Solutions that facilitate work at full speedDownload now