Security News > 2020 > June > Amtrak Discloses Security Incident Involving Guest Reward Accounts
U.S. passenger railroad service Amtrak last week started informing some customers that their personal information may have been compromised as a result of unauthorized access to Guest Reward accounts.
The company determined that hackers gained access to some customers' Guest Reward accounts using compromised usernames and passwords, which likely means that the attackers relied on the fact that many users have set the same username and password combination for multiple online accounts and their credentials were stolen in a previous breach.
Amtrak pointed out that social security numbers, payment card information or other financial data were not compromised as a result of the incident.
Amtrak Guest Reward accounts can store information such as name, email address, phone number, billing address, mailing address, coupons, and trip data.
In response to the breach, Amtrak has reset the passwords of affected accounts and says it's taking steps to prevent such incidents in the future.