United States railway operator, Amtrak hacked, hackers have access to passengers information
The webservers of the biggest railway operator of the United States, Amtrak were hacked last month by unknown hackers.
The National Railroad Passenger Corporation which offers goods and passenger services to Americans under the brand name, Amtrak today disclosed the data breach in a press statement. They say that the unknown hackers may have stolen personal identifiable information of Amtrak passengers.
According to Amtrak, the hack attack took place on 16th April 2020 and was discovered by the Amtrak cybersecurity team on the same day. Preliminary investigations indicate that the hackers used either credential stuffing or brute-force to break into the Amtrak servers. Amtrak investigators immediately stopped the hack attack after it was discovered.
In a letter to the Attorney General’s Office of Vermont, made public on April 29, the rail service said that the unknown hackers managed to fraudulently access Amtrak Guest Rewards accounts. Amtrak did not disclose how many Amtrak patrons could be affected by this data breach.
According to Amtrak, the personal identifiable information was in plaintext and could be misused by the hackers for extortion, stalking, and hacking. Amtrak stated that passengers’ social security numbers, credit card information, and other financial data was not involved in the data leak.
The primary target of the hackers seems to be the Amtrak Guest Rewards accounts. The Amtrak Guest Rewards service allows Amtrak passengers to get points for their travel which they can exchange for discounts, hotels, and gift cards, among other offerings.
Amtrak said it was informing the Amtrak Guest Rewards account users about the data breach and has asked every Amtrak customer to do a forced password reset. It is also suggested you keep an eye out for suspicious transactions on your Debit/Credit card statements and Bank accounts.