Amtrak’s recent data breach has brought to light a concerning security issue for train travelers who are members of the Guest Rewards program. According to a breach-disclosure notice filed with the state of Massachusetts, an unknown third party gained unauthorized access to a database containing account information between May 15 and May 18. The national passenger rail service emphasized that there was no hack of Amtrak systems; rather, compromised usernames and passwords from prior breaches were likely used to access certain accounts.
The compromised information includes names, contact information, Amtrak Guest Rewards account numbers, dates of birth, payment details (including partial credit card numbers and expiration dates), gift card information (such as card numbers and PINs), and information about transactions and trips. In some instances, hackers took control of accounts and changed emails and passwords to lock legitimate users out. Amtrak addressed this by reverting the email address and initiating a password reset for affected accounts.
Although Amtrak did not specify the exact number of individuals impacted by the breach, the company strongly advised riders to change their passwords regularly and implement multifactor authentication to prevent unauthorized access and takeovers of their accounts. Stuart Wells, the Chief Technology Officer at Jumio, highlighted the growing trend of threat actors targeting travel loyalty programs for financial gain. He emphasized the importance of enhancing security measures to protect consumer data and prevent fraudulent activities.
This incident is not the first time Amtrak has faced a data breach involving Guest Rewards accounts. In 2020, the company disclosed a similar breach where personal information may have been viewed by unauthorized parties. Although the company swiftly addressed the threat and removed the threat actor from the system, the incident underscores the ongoing vulnerability of customer data to cyber threats.
Jumio’s Wells also stressed the need for businesses to adopt advanced verification technologies, such as biometric verification, to enhance the protection of sensitive user data. By implementing robust identity verification systems, businesses can effectively combat fraud and safeguard consumer accounts from unauthorized access.
As cyber threats continue to evolve, organizations must stay vigilant in protecting user data and implementing stringent security measures to prevent data breaches and unauthorized access. By prioritizing data security and adopting innovative authentication methods, businesses can mitigate the risks associated with cyber threats and safeguard customer information from potential breaches.
