UPDATED 21:05 EST / JUNE 01 2020

Customer information stolen in breach of Amtrak’s Guest Rewards program

Amtrak has suffered a data breach, with customer information stolen from its rewards program.

News of the data breach came via a filing Friday from Amtrak with the state of Vermont. It described the breach as involving an unknown third party gaining unauthorized access to certain Guest Rewards accounts. Personally identifiable information was accessed, but financial data, credit card information and Social Security numbers were not compromised.

Amtrak said the data breach involved compromised usernames and passwords, suggesting that those behind the attack may have used account credentials stolen from another site, since users often reuse passwords across different services.

The corporation added that it had fixed the issue, reset passwords for potentially affected accounts, hired outside cybersecurity experts to implement additional safeguards and informed law enforcement. Affected customers are also being offered a complimentary one-year membership of Experian IdentityWorks, a credit monitoring program.

The number of accounts compromised was not disclosed.

“Amtrak’s breached Guest Rewards usernames and passwords have already been used by fraudsters to access accounts and view personal information,” Robert Prigge, chief executive officer of identity verification company Jumio Corp., told SiliconANGLE. “It’s clear these traditional authentication methods can’t be trusted to keep accounts secure, as cybercriminals can easily log in with stolen passwords and there’s no way to confirm the legitimate user is the one accessing the account.”

Prigge added that Amtrak’s response isn’t enough to keep the user accounts safe. “Fraudsters can easily use the original password to access other user accounts, including banking, insurance, social media and more, where they can transfer funds, change passwords to lock the real user out and even use found personal information to commit identity theft,” he said. “As train and air travel will likely increase when COVID-19 restrictions are lifted, the travel industry is a growing target for fraud. It’s time for travel organizations to adopt stronger forms of authentication to keep their customer accounts secure.”

Photo: Vmenkov/Wikimedia Commons
