// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
Breach Record

Amtrak

DISCLOSED 2026-04-30 · STOLEN CREDS · 9,400,000 RECORDS EXPOSED

Threat actor ShinyHunters claims to have stolen 9.4 million Amtrak records from a Salesforce instance. The breach exposed names, addresses, and customer support interaction records, with 2.1 million accounts confirmed on Have I Been Pwned. The attack vector appears to involve compromised credentials.

The record

What we know

Disclosed
2026-04-30
Attack vector
Stolen Creds
Sector
transportation
Country
US
Records exposed
9,400,000
Data classes exposed
namesaddressescustomer support interaction records
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

The article does not describe how the Salesforce instance was accessed; without knowing whether it involved endpoint compromise or unauthorized changes, it is unclear if a positive-security model would have prevented this breach.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Amtrak disclosure. It updates if new public reporting emerges. All tracked breaches →

Amtrak just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →