http://www.digitaljournal.com/tech-and-science/technology/transport-firm-amtrak-hit-by-significant-data-breach/article/572627

Transport firm Amtrak hit by significant data breach Special

Posted Jun 3, 2020 by Tim Sandle
Amtrak, the U.S. public transportation unit, announced that it has suffered a data breach causing Amtrak to reset user passwords after a Guest Rewards data breach.
Amtrack rail services between New York and Philadelphia.
Amtrack rail services between New York and Philadelphia.
Stephen Jaffe, AFP/File
In terms of the significance of the data breach, the data obtained from the incident extended to consumer’s personal information, potentially exposing consumers to cyberattacks, as reported by Bleeping Computer. Amtrak is a high-speed intercity passenger rail provider and an independent U.S. government agency, operating a nationwide rail network in 46 states.
Looking into the incident for Digital Journal, Jumio CEO, Robert Prigge raises concerns that some hacker groups have already began using the data: "Amtrak's breached Guest Rewards usernames and passwords have already been used by fraudsters to access accounts and view personal information."
Prigge then considers the inherent weakness in the company's systems, noting: "It is clear these traditional authentication methods cannot be trusted to keep accounts secure, as hackers can easily log in with stolen passwords, and there's no way to confirm the legitimate user is the one accessing the account."
In terms of the actions taken by the transportation firm, Prigge says that more needs to be done: "Amtrak's response is simply not enough to keep their 30 million user accounts safe."
This is because it is straightforward for hackers to: "use the original password to access other user accounts, including banking, insurance, social media and more, where they can transfer funds, change passwords to lock the real user out and even use found personal information to commit identity theft."
Prigge also looks to the easing of the coronavirus lockdown as to why better cybersecurity is needed: "As train and air travel will likely increase when COVID-19 restrictions are lifted, the travel industry is a growing target for fraud." The solution to this is multifactor authentication or biometrics, according to Prigge.