Amtrak Guest Reward suffers a data breach

Amtrak discloses unauthorized third-party access to Amtrak Guest Rewards accounts

The National Railroad Passenger Corporation, also known as Amtrak, revealed that some of its customers had their personal information and user credentials stolen after the company detected unauthorized third-party access to Amtrak Guest Rewards accounts. The breach was discovered by Amtrak on April 16 and was revealed in a letter to the Attorney General's Office of Vermont.

“On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts,” the letter explains. “We have determined that compromised usernames and passwords were used to access certain accounts and some personal information may have been viewed. No financial data, credit card information or Social Security numbers were compromised.”

Amtrak’s IT security team was able to terminate the unauthorized access within hours and has since reset passwords for all impacted accounts. External cybersecurity professionals and law enforcement are investigating the source of the breach. In a statement, Amtrak explained it’s "[taking] this matter very seriously and is taking steps to help prevent incidents like this from happening again." 

In response to the data breach, Amtrak is also offering to pay for a year’s membership to Experian’s IdentityWorks fraud-monitoring service. To take advantage of Amtrak’s offer, affected users must visit the Experian IdentityWorks website to enroll by Aug. 31. By enrolling in the program, affected customers will receive complimentary access to credit monitoring and identity restoration services.

This isn’t the first time Amtrak has notified authorities of a suspected breach. In 2018, Amtrak reported Orbitz had suffered a security incident exposing customers’ personal information. Then, in 2019, Amtrak discovered critical vulnerabilities within its mobile app. Had hackers exposed the vulnerabilities, it could have led to a breach of six million Amtrak Guest Rewards accounts, researchers said at the time.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Security researchers take control of a Tesla via drone
ethical hacking

Security researchers take control of a Tesla via drone

5 May 2021
New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Hackers could abuse legitimate Windows AD FS to steal data
Microsoft Windows

Hackers could abuse legitimate Windows AD FS to steal data

28 Apr 2021
Average ransomware costs have more than doubled in 2021
ransomware

Average ransomware costs have more than doubled in 2021

28 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021