Industry - Data Breach
Executive Summary
Amtrak is dealing with a data breach after hackers claimed to have accessed and released customer records online, with at least 2.1 million unique accounts confirmed exposed, though some reports suggest the total could reach 9.4 million records. The exposed data includes names, email addresses, physical addresses, customer support tickets, and potentially travel-related details. The attack has been linked to the hacking group ShinyHunters, which reportedly gained access through Amtrak's Sales...
What Happened
Amtrak experienced a data breach in which hackers, reportedly the group ShinyHunters, accessed customer records by exploiting access to Amtrak's Salesforce CRM system and released them online. The breach was added to Have I Been Pwned on April 17, 2026, and was confirmed to expose at least 2.1 million unique email addresses along with names, physical addresses, customer support tickets, and potentially travel-related details. Some reports suggest the total dataset could include up to 9.4 million records, though Amtrak has not confirmed this larger figure.
Who Is Affected
Amtrak customers whose information was stored in the company's CRM system are affected, with at least 2.1 million unique accounts confirmed exposed. The exposed data includes personal contact information such as email addresses, physical addresses, names, and customer service interaction records. Customers who traveled with Amtrak and whose travel-related details were stored in the system face increased risk of targeted phishing and impersonation attempts.
Why It Matters
This breach demonstrates ongoing vulnerabilities in cloud-based CRM platforms that centralize large volumes of sensitive customer data, making them high-value targets for attackers. The exposed data can enable convincing phishing campaigns that reference past interactions or travel details, significantly increasing fraud risk. The incident adds to a pattern of attacks by ShinyHunters targeting Salesforce environments, highlighting systemic risks tied to SaaS platform security and access controls across organizations.
What You Should Do
If you are an Amtrak customer, immediately change passwords on any accounts where you may have reused credentials and enable two-factor authentication wherever possible. Monitor your financial accounts and email for suspicious activity, and be especially vigilant about emails or messages that reference your travel history or past customer service interactions. Treat any unsolicited communications claiming to be from Amtrak with skepticism, even if they contain accurate personal details, and verify authenticity through official channels before responding or clicking links.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.