Last updated 1 month ago
Amtrak, a United States passenger railroad service, suffered a data breach disclosed in April 2026. The incident exposed over 2.1 million unique email addresses along with names, physical addresses, and customer support records. The breach was publicly disclosed when the threat group dumped the data after an alleged ransom demand was not met.
The attack was carried out by the hacking group ShinyHunters, which compromised Amtrak's Salesforce instance. The group typically gains unauthorized access to Salesforce environments, demands a ransom, and then publicly releases the stolen data if payment is not made. The exfiltrated data included email addresses, names, physical addresses, and customer support records.
No further post-incident details such as regulatory actions, litigation, or ransom payment amounts were reported in the available information.
Attack vector: Compromised Salesforce instance via unauthorized access
Amtrak's breach underscores the critical need for robust access controls and monitoring of third-party SaaS platforms like Salesforce. The organization's failure to detect and prevent unauthorized access to its Salesforce instance allowed ShinyHunters to exfiltrate over 2 million records, including sensitive customer support data. This incident highlights the importance of implementing multi-factor authentication, regular security audits, and rapid incident response for cloud-based customer relationship management systems.