Something doesn't look right?

Amtrak Data Breach Jun 2024

No known CVEs used

Subscribe for weekly updates

Security Incident Summary

Severity Score

Significant

Organization

Amtrak

Threat Actor

Unknown

Actor Type

Unknown

Type of Breach

Credential Stuffing

News Timeline

Jun 19, 2024

TTPs Disclosure

Amtrak confirms crooks are breaking into accounts using creds swiped from other DBs theregister.com - Between May 15-18, Amtrak's Guest Rewards program experienced a credential stuffing attack in which attackers used valid stolen credentials from third-party sources to access user accounts, potentiall...
Show more

TTP

Credential Stuffing

TTPs Disclosure

Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks securityweek.com - Amtrak's Guest Rewards Accounts were breached through credential stuffing attacks, where usernames and passwords obtained from third-party sources were used to gain access between May 15 and May 18, 2...
Show more

TTP

Credential Stuffing

Organization Details

Organization Size

17500

HQ Location

Washington, D.C.

Industry

Transportation

Security Stack used by Amtrak at time of breach (best approximation) Why?

Network Security

VPN/SASE

IDS/IPS

Endpoint Security

EDR

MDM

Identity Management

SSO / MFA

IGA

Application Security

WAF

SCA

Cloud Security

CASB

CWPP

SIEM / Threat Intel

SIEM

TIP

Not right? Contribute more accurate data

What is Amtrak?

Amtrak, officially known as the National Railroad Passenger Corporation, is a government-owned corporation that provides intercity passenger train services in the United States. Established on May 1, 1971, Amtrak was created to preserve and revitalize passenger rail service at a time when such servi...
Show more

Learn more about recent incidents

9 / 10

Okta Oct, 2023

No known CVEs used

Subscribe for weekly updates

Security Incident Summary

Severity Score

Insignificant

Organization

Threat Actor

Actor Type

Type of Breach

Organization Details

Organization Size

HQ Location

Industry