// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
Breach Record

Amtrak

DISCLOSED 2026-04-03 · STOLEN CREDS · 2,147,679 RECORDS EXPOSED

In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which contained over 2M unique email addresses along with names, physical addresses and customer support records.

The record

What we know

Disclosed
2026-04-03
Attack vector
Stolen Creds
Records exposed
2,147,679
Domain
amtrak.com
Data classes exposed
Email addressesNamesPhysical addressesSupport tickets
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Amtrak disclosure. It updates if new public reporting emerges. All tracked breaches →

Amtrak just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →