Amtrak Customer Data Leaked Following Salesforce Environment Compromise
Learn More
The National Railroad Passenger Corporation, known as Amtrak, is the subject of a significant data breach claim involving millions of customer records. The incident was reported when Have I Been Pwned (HIBP) added a new entry on April 18, 2026, following a public leak by the ShinyHunters threat group.
The attackers threatened to release the data on April 14, 2026, after ransom negotiations with the railroad company reportedly collapsed.
The threat actors gained access to Amtrak’s systems through social engineering attacks targeting company employees earlier in 2026. The attack allowed the group to steal credentials and compromise the organization's Salesforce environment. The compromised data includes:
- Full names
- 2.1 million unique email addresses
- Physical street addresses
- Customer support ticket details
- Internal corporate records and PII
The threat actor claims to have stolen 9.4 million records in total, though HIBP analysis identified 2.1 million unique email entries.
Amtrak has not publicly acknowledged the breach or confirmd the authenticity of the leaked files at the time of reporting. Troy Hunt of HIBP confirmed the legitimacy of the data after reviewing the leaked material, noting that approximately 80% of the information had appeared in previous breaches.
