The National Railroad Passenger Corporation (Amtrak) fell for a data breach that led to the exposure of the personal information of some Guest Rewards members.
Amtrak, a high-speed intercity passenger rail provider, and an independent US government agency operate a nationwide rail network in 46 states, the District of Columbia, and three Canadian provinces, with 30 million customers during the last nine years.
On April 16, 2020, an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts.
Compromised usernames and passwords were used to access certain accounts and some personal information had been viewed.
TPRM report: https://scoringcyber.rankiteo.com/company/amtrak
"id": "amt244123",
"linkid": "amtrak",
"type": "Data Leak",
"date": "04/2020",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'Some Guest Rewards members',
'industry': 'Transportation',
'location': ['46 States',
'District of Columbia',
'Three Canadian Provinces'],
'name': 'Amtrak',
'size': '30 million customers during the last nine '
'years',
'type': 'Government Agency'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'type_of_data_compromised': 'Personal Information'},
'date_detected': '2020-04-16',
'description': 'The National Railroad Passenger Corporation (Amtrak) fell for '
'a data breach that led to the exposure of the personal '
'information of some Guest Rewards members.',
'impact': {'data_compromised': 'Personal Information'},
'threat_actor': 'Unknown Third Party',
'title': 'Amtrak Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Compromised Usernames and Passwords'}