Identity, Data Security, Privacy

Amtrak Guest Rewards accounts breached

password to access personal user data, cybersecurity concept

Amtrak had some of its Guest Rewards customers' data compromised following a credential-stuffing attack last month, The Register reports.

Infiltration of Amtrak Guest Rewards accounts through credentials obtained from third-party sources may have enabled threat actors to access users' names, birthdates, email addresses, contact details, account numbers, previous Amtrak journey details, payment information, and gift card details, according to Amtrak, which emphasized that its systems were not affected by the incident.

The incident has already prompted Amtrak to implement password resets, email address changes, and two-factor authentication for impacted accounts. Individuals whose Amtrak Guest Rewards accounts have been compromised were also urged to use unique and more complex passwords, as well as replace the credentials of other online accounts with similar usernames and passwords. Such an incident comes four years after a breach of Amtrak's rewards pr

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.