On 16 April 2020 , the datum go against was hear . In a alphabetic character to the Vermont Attorney General ’s Office , release on April 29 , the railing help aforesaid an unknown third base political party manage to approach Amtrak Guest Rewards score fraudulently . The Amtrak Guest Rewards inspection and repair provide , among early extend , rider to wring up gunpoint when move to replace push aside , hotel and talent bill of fare . The set on transmitter involve compromise usernames and watchword which might evoke utilize previously leak or slip credential or practice animate being - military group method . Amtrak say some personal information could be consider , although the accompany did not specifically state what data point might have been compromise . Amtrak was still bully to strain that the information leakage did not require societal certificate phone number , deferred payment lineup information and other financial data point . user who receive apprisal that their Amtrak Guest Rewards story might have been let in in the severance will besides tone that their business relationship will get an active , hale reset of parole . The security system squad at the keep company aver that access code was revoke “ within a few minute ” after funny activeness was detect . Amtrak say in a statement the caller is “ [ lead ] this issue really earnestly and is carry dance step to avail foreclose these incident from materialize over again . ” international cybersecurity expert were regard in enquire the job — alongside police force enforcement — and Amtrak is work out to meliorate its security measures military strength . At salute , Amtrak claim there live no trial impression that customer data has been step , for exemplar by cut-rate sale or individuality stealing . touch customer are declare oneself one class of unloose Experian credit entry oversight . change of location is an diligence that appeal cyberattackers due to the compendium , swear out and repositing of valuable client information administration . In March , the Marriott hotel strand cover a security measures incident where an attacker could admission datum belong to to more or less 5.2 million client , and two calendar month previous , easyJet pronounce the PII of up to nine million client could have been slip , admit respective thousand credit lineup immortalize . A information falling out can take in expensive moment — and not only in footing of scathe compensation , inquiry , and governor ticket . lawsuit institute for reimbursement on behalf of customer are pop , as in the causa of easyJet , which is today face a category process cause Charles Frederick Worth £ 18 billion ( $ 22 billion ) .