This site is protected by reCAPTCHA and the Google
Terms of Service apply.
Amtrak last month experienced a data breach that led to the exposure of personal information of some of its Guest Rewards members, according to notices the national intercity railroad sent May 29 to customers whose accounts were accessed without authorization.
On April 16, Amtrak determined an unknown third party gained unauthorized access to the accounts, according to the notice from Vicky Radke, senior director of the Amtrak Guest Rewards program. Those receiving the notice included the California Office of the Attorney General.
"We have determined that compromised usernames and passwords were used to access certain accounts and some personal information may have been viewed. No financial data, credit card information or Social Security numbers were compromised," the notice stated.
Once the unauthorized access was detected, Amtrak's security team terminated the access and reset the passwords for potentially affected accounts.
"Amtrak engaged outside cybersecurity experts to confirm that the incident was contained and implemented additional safeguards to protect customers," Radke wrote.