US rail company Amtrak is writing to users of its Guest Rewards program to inform them that their data is potentially at risk following a derailment of their account security.  The three-day attack took place between May 15-18. Miscreants were breaking into accounts using valid credentials that were sourced from “third-party sources,”

Source: The Register