Magazine Button
Vermont’s National Railroad Passenger Corporation confirms data breach

Vermont’s National Railroad Passenger Corporation confirms data breach

DataEnterprise SecurityLatest ThreatsTop Stories
Vermont's National Railroad Passenger Corporation confirms data breach

The National Railroad Passenger Corporation (Amtrak) in Vermont has disclosed a data breach that may have resulted in the compromise of customer personally identifiable information (PII).

The data breach was discovered on April 16, 2020. In a letter to the Attorney General’s Office of Vermont, the rail service said that an unknown third party managed to fraudulently access Amtrak Guest Rewards accounts. The Amtrak Guest Rewards service allows passengers to rack up points when they travel to exchange for discounts, hotels, and gift cards, among other offerings. Amtrak promptly fixed the issue.

Sam Curry, Chief Security Officer at Cybereason, said “In the old days we used to say that ‘loose lips sink ships’, but in this day and age ‘a loose click kills quick’ – and while details regarding Amtrak’s reported breach are still being made public, only time will tell how many passengers are impacted by having their PII stolen. Amtrak is undoubtedly suffering in the current COVID-19 pandemic from a near halt of business and personal travel across the U.S. and this particular breach, while extremely painful for the company and its impacted customers, will strengthen Amtrak’s resolve and help them improve their security defences.

“From what I am reading, Amtrak has been proactive in its notification approach. Perhaps the negative headlines and fallout from this newest breach disclosure will also be a wake-up call to other track operators and the entire rail system in this country to assess their current security hygiene and to make sure their security analysts have the tools to identify malicious and abnormal looking behaviour immediately, giving them a chance to assess risk and then remediate any incidents.”

Click below to share this article

Browse our latest issue

Intelligent CISO

View Magazine Archive