by Lisa Vaas
Amtrak, the national rail service for the US, has suffered a data breach that may have exposed some customers’ logins and other personally identifiable information (PII), the service has disclosed.
The state-backed transportation company, which is also known as the National Railroad Passenger Corporation, says that a third party got unauthorized access to some Amtrak Guest Rewards accounts on the evening of 16 April. The rewards program enables customers to earn points – by spending on travel, hotels, car rentals and more – that they can then apply to Amtrak purchases.
Amtrak revealed the breach on Friday in a regulatory filing – namely, a sample letter to consumers about the breach – with the Office of the Vermont Attorney General.
The service said that it determined that the intruder used compromised usernames and passwords to access some reward accounts and that they may have also viewed customers’ personal information. However, the attacker didn’t access financial data, be it credit card information or Social Security taxpayer IDs.
Amtrak said that its security team immediately investigated the issue, stitching up the hole and blocking the unauthorized access within a few hours. Its security team also reset passwords on potentially affected accounts and pulled in outside cybersecurity expertise in order to ensure that the incident was in fact contained. Amtrak says it also implemented “additional safeguards to protect customers,” but it didn’t give any detail on what its new safeguards are.
To help protect customers from identity theft, Amtrak is offering consumers a ..
Support the originator by clicking the read the rest link below.
