ShinyHunters Claims Breach of Amtrak, Threatens to Leak 9.4 Million Records
The hacking group ShinyHunters has added the National Railroad Passenger Corporation (Amtrak) to its data leak site, alleging the theft of 9.4 million records containing personally identifiable information (PII) and corporate data. The breach reportedly occurred via unauthorized access to Salesforce, a platform the group has previously exploited through social engineering attacks targeting employees.
While no samples of the stolen data have been publicly released, ShinyHunters has set a deadline of April 14 for a ransom payment, threatening to expose the information if demands are not met. The compromised data could include details from both Amtrak employees and customers, given the company’s role in ticket sales.
ShinyHunters has a history of high-profile breaches, including attacks on Mercer Advisors, Beacon Pointe Advisors, Cisco Systems, Hallmark, and Rockstar Games. The potential exposure of PII raises concerns about follow-on social engineering attacks, depending on the nature of the stolen records.
Source: https://www.scworld.com/brief/amtrak-allegedly-breached-by-shinyhunters-massive-data-leak-threatened
Salesforce cybersecurity rating report: https://www.rankiteo.com/company/salesforce
"id": "SAL1776299258",
"linkid": "salesforce",
"type": "Vulnerability",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Potentially employees and customers',
                        'industry': 'Transportation',
                        'name': 'Amtrak (National Railroad Passenger Corporation)',
                        'type': 'Corporation'}],
 'attack_vector': 'Social Engineering',
 'data_breach': {'number_of_records_exposed': '9.4 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable Information (PII)',
                                              'Corporate Data']},
 'description': 'The hacking group ShinyHunters has added Amtrak to its data leak site, alleging the theft of 9.4 million records containing personally identifiable information (PII) and corporate data. The breach reportedly occurred via unauthorized access to Salesforce, a platform the group has previously exploited through social engineering attacks targeting employees. The group has set a deadline of April 14 for a ransom payment, threatening to expose the information if demands are not met.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage',
            'data_compromised': '9.4 million records',
            'identity_theft_risk': 'High',
            'systems_affected': 'Salesforce'},
 'initial_access_broker': {'entry_point': 'Salesforce'},
 'motivation': 'Ransom',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': 'Yes (deadline: April 14)'},
 'references': [{'source': 'Cyber Incident Description'}],
 'threat_actor': 'ShinyHunters',
 'title': 'ShinyHunters Claims Breach of Amtrak, Threatens to Leak 9.4 Million Records',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unauthorized access to Salesforce'}