Amtrak suffered a data breach affecting 2.1M accounts. Here's what happened, what data was exposed, and what you should do right now.

What Happened

In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. The exposed data contained over 2M unique email addresses along with names, physical addresses and customer support records.

Impact

Affected accounts: 2.1M

Data exposed: Email addresses, Names, Physical addresses, Support tickets

Severity: CRITICAL

Source: [haveibeenpwned](https://haveibeenpwned.com/PwnedWebsites#Amtrak)

What You Should Do

If you have an account with Amtrak, take these steps immediately:

**Change your password** — Use a unique, strong password (16+ chars with mixed case, numbers, symbols)

**Enable 2FA** — Turn on two-factor authentication if available

**Check your email** — Search for breach notifications from Amtrak

**Monitor your accounts** — Watch for unauthorized access on any service where you reused the same password

**Scan your site** — If you run a website, [run a free ScanMyVibe scan](https://scanmyvibe.co/scan) to check if your own security headers and configurations protect against common attack vectors

Is Your Website Secure?

Data breaches often exploit weak security configurations — missing Content-Security-Policy headers, misconfigured CORS, exposed API keys. These are exactly the issues ScanMyVibe detects in under 30 seconds.

[Scan your site free →](https://scanmyvibe.co/scan)

Timeline

2026-04-03 — Breach reported

2026-04-03 — ScanMyVibe breach alert published

Ongoing — Investigation in progress

This article is auto-generated by ScanMyVibe's breach monitoring system. Sources are verified but details may evolve as investigations progress. Last updated: 2026-04-17.

🚨 Amtrak Breach — 2.1M Accounts Exposed

What Happened

Impact

What You Should Do

Is Your Website Secure?

Timeline

IS YOUR SITE NEXT?