Amtrak had some of its Guest Rewards customers' data compromised following a credential-stuffing attack last month, The Register reports.
Infiltration of Amtrak Guest Rewards accounts through credentials obtained from third-party sources may have enabled threat actors to access users' names, birthdates, email addresses, contact details, account numbers, previous Amtrak journey details, payment information, and gift card details, according to Amtrak, which emphasized that its systems were not affected by the incident.
The incident has already prompted Amtrak to implement password resets, email address changes, and two-factor authentication for impacted accounts. Individuals whose Amtrak Guest Rewards accounts have been compromised were also urged to use unique and more complex passwords, as well as replace the credentials of other online accounts with similar usernames and passwords. Such an incident comes four years after a breach of Amtrak's rewards pr
