Amtrak Details

    Amtrak

    Washington, D.C. • 17500 employees • Transportation

    https://www.amtrak.com/home.html

    Industry

    Transportation

    Security Incidents

    1

    Amtrak, officially known as the National Railroad Passenger Corporation, is a government-owned corporation that provides intercity passenger train services in the United States. Established on May 1, 1971, Amtrak was created to preserve and revitalize passenger rail service at a time when such services were being reduced by private railroad companies. Over the decades, Amtrak has become a significant mode of transportation, providing an alternative to air and automobile travel with a network covering over 500 destinations in 46 states and three Canadian provinces.

    The organization operates a ...

    Security Incidents

    Amtrak Breach of Jun 2024
    Severity Score
    Significant

    Type

    Credential Stuffing

    Summary

    Amtrak's Guest Rewards program experienced a cybersecurity incident over three days, between May 15 and May 18, in which attackers accessed user accounts using valid credentials obtained from third-party sources. The compromised data included email addresses, names, contact information, account numbers, dates of birth, partial credit card numbers, gift card details, and previous travel history. In response, Amtrak enforced mandatory two-factor authentication (2FA) and initiated password resets to enhance account security. Affected users were advised to update their passwords and monitor other accounts fo...

    Severity

    The cybersecurity incident targeting Amtrak's Guest Rewards program showcased a sophisticated credential-stuffing attack that tapped into third-party breaches to access users' sensitive data. Over a three-day window, cybercriminals potentially accessed names, contact details, partial credit card information, and travel records, prompting Amtrak to enforce password resets and two-factor authentication for enhanced security. Despite Amtrak's internal systems remaining uncompromised, the significant exposure of user data underscores vulnerabilities associated with third-party integrations, placin...

    Impact

    The recent data breach of the Amtrak Guest Rewards program demonstrated a significant exposure of customer data through a credential stuffing attack. Attackers, leveraging valid credentials obtained from third-party sources, accessed sensitive information including names, email addresses, contact details, dates of birth, partial credit card numbers, gift card data, and journey records. Although Amtrak's internal systems remained secure, the company was compelled to enforce mandatory two-factor authentication (2FA) and reset passwords to prevent further unauthorized access. While no intellectua...