Amtrak has alerted an unknown number of Guest Rewards customers it suffered a data breach at the hands of an unknown third party that gained unauthorized access to certain accounts.
A notification letter signed by Vicky Radke, Amtrak’s senior director of Guest Rewards, and posted by the offices of the California and Vermont attorneys-general, informs impacted individuals that compromised usernames and passwords were used to hijack accounts and potentially view information. However, the company believes no financial data, credit card information or Social Security numbers were taken.
Amtrak says that after discovering the hack on April 16, its security team immediately investigated the issue and terminated the unauthorized access within a few hours. The company reset passwords for the potentially affected accounts, and engaged outside cybersecurity experts to confirm the breach was contained.
Impacted individuals were provided with a complimentary identity theft and credit monitoring protections. Customers must enroll by Aug. 31, 2020.