Jump to content
David H. Lipman

Amtrak discloses data breach, potential leak of customer account data

Recommended Posts

Amtrak discloses data breach, potential leak of customer account data

 

"The National Railroad Passenger Corporation (Amtrak) has disclosed a data breach that may have resulted in the compromise of customer personally identifiable information (PII).
The data breach was discovered on April 16, 2020. In a letter to the Attorney General's Office of Vermont, made public on April 29, the rail service said that an unknown third party managed to fraudulently access Amtrak Guest Rewards accounts.

The Amtrak Guest Rewards service allows passengers to rack up points when they travel to exchange for discounts, hotels, and gift cards, among other offerings.

The attack vector involved was compromised usernames and passwords, which may suggest the use of credentials previously leaked or stolen, or the use of brute-force methods. 

Amtrak says that some personal information was viewable, although the company has not specifically said what data may have been compromised. However, Amtrak was keen to emphasize that Social Security numbers, credit card information, and other financial data was not involved in the data leak. 

Users that receive a notice that their Amtrak Guest Rewards account was potentially included in the breach will also note that their accounts will have an active, forced password reset.

The company's security team said that after detecting suspicious activity, access was revoked "within a few hours."

In a statement, Amtrak said the firm is "[taking] this matter very seriously and is taking steps to help prevent incidents like this from happening again."

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.