Amtrak has disclosed a breach in its frequent-passenger program that has exposed personally identifiable information of an undisclosed number of participants. The disclosure of the April 16 breach came as part of a regulatory filing with the Office of the Vermont Attorney General on May 29.
According to the filing, an unauthorized third party was able to gain access to information, including usernames and passwords, on the traveler program's site. Amtrak said that it shut down access within hours of its discovery.
Amtrak changed the passwords of all affected customers and has offered a year of Experian IdentityWorks identity theft monitoring to those individuals.
Read more details here.