Amtrak informed its Guest Rewards customers of the potential personal data leak resulting from “compromised usernames and passwords”.
The breach, says the letter, happened on April 16, 2020, whereas the letter was sent to the customers on May 29, 2020, more than a month and a half later.
The way the letter is worded leads to a strong likelihood that passwords weren’t properly encrypted. Also, waiting for over a month and a half to let the customers know is a bad form in this editors opinion.
Amtrak is offering compromised users a year of Experian’s IdentityWorks service to monitor for identity theft.
