Even with the travel restrictions prompted by the COVID-19 pandemic, the travel industry is once again tainted by a security incident that resulted in the leak of personal identifiable information found in Amtrak’s Guest Rewards service.
According to a Notice of Data Breach sent to the Attorney General’s Office of Vermont, The National Railroad Passenger Corporation discovered the security incident on April 20.
“On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts,” the letter reads. Although the company didn’t say how many account were breached, the notification states that “compromised usernames and passwords were used to access certain accounts and some personal information may have been viewed.”
However, it says, “no financial data, credit card information or Social Security numbers were compromised.”
Amtrak also said its security team managed to terminate the unauthorized access a few hours after detecting the suspicious activity, and promptly reset the passwords of affected member accounts. They also engaged a team of cybersecurity experts to oversee the implementation of protective measures to safeguard customer accounts and fend off any future attacks.
Affected customers were offered a free 12-month enrollment for identity theft monitoring services that can be activated until August 31. Additionally, all Amtrak customers are advised to remain vigilant for fraudulent activity and review their account statements regularly. Customers with compromised Guest Rewards accounts should set up a strong and unique password, and maintain good cyber hygiene.
As with any data leak, reviewing online accounts that share the same credentials is necessary. More often than not, cyber crooks will try their luck and attempt to access additional accounts that share the same email address. While some online accounts may seem unworthy of a hacker’s attention, every piece of information can be used in their attacks.
Be on the lookout for phishing emails, and never provide PII to unverified sources. As staying safe online has become more difficult, always take precautionary measures. Install a local security solution on all Internet-enabled devices and never open attachments received from unfamiliar correspondents.
Here at Bitdefender we focus on protecting your devices from malicious activity and threats of all kinds. Now more than ever, we need autonomy and safety as we interact with the world through our internet-enabled devices. That’s why we have extended the trial for our best security suite, ensuring that you can take care of your family’s devices for up to 90 days. If you’re already set up, why not make an unexpected gift to your loved ones who might not be aware of emerging cyber threats?