Amtrak recently disclosed a breach affecting its Guest Rewards accounts, where attackers used previously compromised credentials to access sensitive user data from May 15-18. Although Amtrak’s systems were not hacked directly, the unauthorized access exposed personal information including names, contact details, partial payment information, and travel history.
The attackers even altered account emails and passwords, though Amtrak quickly reversed these changes and reset passwords. The incident highlights the escalating threat to travel loyalty programs, often targeted for their lucrative points that can be sold or used fraudulently.
Amtrak urged users to rotate passwords and enable multifactor authentication (MFA). Cybersecurity expert Stuart Wells emphasized the need for advanced verification technologies, such as biometric verification, to better protect consumer accounts from fraud.