On June 14, 2024, the National Railroad Passenger Corporation d/b/a Amtrak (“Amtrak”) filed a notice of data breach with the Attorney General of Massachusetts after discovering that an unauthorized user may have used customers’ login credentials to access their Amtrak Guest Rewards accounts. In this notice, Amtrak explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, contact information, Amtrak Guest Rewards account numbers, dates of birth, partial credit card numbers and expiration dates, gift card information and information about their Amtrak travel. Upon completing its investigation, Amtrak began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Amtrak, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Amtrak data breach. For more information, please see our recent piece on the topic here.
What Caused the Amtrak Data Breach?
The Amtrak data breach was only recently announced, and more information is expected in the near future. However, Amtrak’s filing with the Attorney General of Massachusetts provides some important information on what led up to the breach. According to this source, on May 15, 2024, Amtrak learned that an unauthorized party may have used Amtrak customer login credentials to gain access to customers’ Amtrak Guest Rewards account.
In response, Amtrak secured all affected accounts and then launched an investigation to learn more about the incident and determine what, if any, customer information may have been compromised as a result. Ultimately, Amtrak’s investigation confirmed that an unauthorized party accessed certain customers’ Guest Rewards accounts between May 15, 2024 and May 18, 2024.
After learning that sensitive consumer data was accessible to an unauthorized party, Amtrak reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, contact information, Amtrak Guest Rewards account number, date of birth, partial credit card number and expiration date, gift card information and information about your Amtrak travel.
On June 14, 2024, Amtrak sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Amtrak
Founded in 1971, the National Railroad Passenger Corporation, better known as Amtrak, is a passenger railroad service based out of Washington, D.C. Amtrak operates rail service in 46 U.S. states and three Canadian provinces. Amtrak’s network includes more than 500 stations and 21,000 miles of track. Amtrak employs more than 21,700 people and generates approximately $3.6 billion in annual revenue.
