UPDATED 21:05 EDT / JUNE 01 2020

SECURITY

Customer information stolen in breach of Amtrak’s Guest Rewards program

Amtrak has suffered a data breach, with customer information stolen from its rewards program.

News of the data breach came via a filing Friday from Amtrak with the state of Vermont. It described the breach as involving as an unknown third-party gaining unauthorized access to certain Guest Rewards accounts. Personally identifiable information was accessed, but financial data, credit card information and Social Security numbers were not compromised.

Amtrak said the data breach involved compromised usernames and passwords, suggesting that those behind the attack may have used account credentials stolen from another site, since users often reuse passwords across different services.

The corporation added that it had fixed the issue, reset passwords for potentially affected accounts, hired outside cybersecurity experts to implement additional safeguards and informed law enforcement. Affected customers are also being offered a complimentary one-year membership of Experian IdentityWorks, a credit monitoring program.

The number of accounts compromised was not disclosed.

“Amtrak’s breached Guest Rewards usernames and passwords have already been used by fraudsters to access accounts and view personal information,” Robert Prigge, chief executive officer of identity verification company Jumio Corp., told SiliconANGLE. “It’s clear these traditional authentication methods can’t be trusted to keep accounts secure, as cybercriminals can easily log in with stolen passwords and there’s no way to confirm the legitimate user is the one accessing the account.”

Prigge added that Amtrak’s response isn’t enough to keep the user accounts safe. “Fraudsters can easily use the original password to access other user accounts, including banking, insurance, social media and more, where they can transfer funds, change passwords to lock the real user out and even use found personal information to commit identity theft,” he said. “As train and air travel will likely increase when COVID-19 restrictions are lifted, the travel industry is a growing target for fraud. It’s time for travel organizations to adopt stronger forms of authentication to keep their customer accounts secure.”

Photo: Vmenkov/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU