Security News > 2020 > June > Amtrak breached, some customers’ logins and PII potentially exposed
Amtrak, the national rail service for the US, has suffered a data breach that may have exposed some customers' logins and other personally identifiable information, the service has disclosed.
The rewards program enables customers to earn points - by spending on travel, hotels, car rentals and more - that they can then apply to Amtrak purchases.
Amtrak revealed the breach on Friday in a regulatory filing - namely, a sample letter to consumers about the breach - with the Office of the Vermont Attorney General.
To help protect customers from identity theft, Amtrak is offering consumers a free year of fraud monitoring from Experian.
It's quite possible that Amtrak wasn't breached itself but that its customers reused their logins across multiple sites/services/accounts, one or more of which may have been breached.