Amtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger Leak

Amtrak experienced a data breach attributed to the ShinyHunters group after customer records from a CRM/Salesforce environment were accessed and posted online; at least 2.1 million accounts (potentially up to 9.4 million) with names, emails, addresses and support tickets were exposed, increasing risk of targeted phishing and identity-based fraud and prompting recommendations for password changes, MFA and monitoring.