A potential Amtrak data breach has surfaced after a dataset containing 2.1 million confirmed records — potentially up to 9.4 million — appeared on Have I Been Pwned, raising serious concerns about customer privacy. The exposed data reportedly includes names, email addresses, physical addresses, and customer support records, which can reveal detailed travel histories and interactions. While Amtrak has not confirmed the full scope, the breach is being linked to ShinyHunters, a group known for targeting cloud-based CRM platforms like Salesforce to extract large datasets without directly breaching internal networks.

What makes this incident particularly dangerous is not just the exposure of basic contact data, but the inclusion of customer support interactions, which enable highly targeted phishing and social engineering attacks. Attackers can reference real trips, delays, or refund requests — making fraudulent emails or messages convincing and far more likely to succeed. This reflects a growing trend where SaaS platforms and centralized customer data systems become high-value targets, often compromised through misconfigurations, weak access controls, or stolen credentials, allowing attackers to quietly exfiltrate massive datasets.

The solution lies in a unified SaaS and data security platform, such as NIKSUN, that combines identity monitoring, API visibility, log analytics, and deep network telemetry (L2–L7) into a single data lake. By correlating user access patterns, CRM activity, API calls, and data movement in real time, organizations can detect abnormal behavior — such as bulk data access or unauthorized exports — before exfiltration occurs. With AI-driven anomaly detection, full audit trails, and automated response, companies can secure cloud environments like Salesforce, prevent large-scale data exposure, and protect against the next wave of highly targeted phishing attacks. Read more about this story on our LinkedIn page