"Amtrak Breached, Some Customers’ Logins And PII Potentially Exposed"

Amtrak, the national rail service for the US, has suffered a data breach.   A third party got unauthorized access to some Amtrak Guest Rewards accounts on the evening of April 16.  Researchers discovered that the adversary used compromised usernames and passwords to access some rewards accounts and that they may have also viewed customer's personal information.  The adversaries did not access financial data such as credit card information or Social Security taxpayer IDs.  

Naked Security reports: "Amtrak Breached, Some Customers’ Logins And PII Potentially Exposed"