Amtrak named in alleged ShinyHunters cyberattack involving 9.4 million records

The National Railroad Passenger Corporation, known as Amtrak, has been identified by the hacking group ShinyHunters in an alleged cyberattack involving 9.4 million records, with the attackers threatening to release the data publicly if a ransom is not paid.

The group posted the claim on its dark web site, stating that it obtained the data through access to Salesforce systems earlier in 2026. The attackers asserted that the compromised dataset includes personally identifiable information and internal corporate data, though no evidence or sample data has been released to substantiate the claim.

ShinyHunters indicated that the data could be published as early as April 14 if its demands are not met. The absence of verifiable data has made it unclear what specific information may have been accessed or whether the breach has directly affected customers, employees, or both.

The alleged intrusion is linked to a broader campaign in which the group targeted organizations using Salesforce, a widely used customer relationship management platform that supports functions such as marketing, analytics and customer service. The attackers reportedly gained access through social engineering techniques aimed at employees, allowing them to infiltrate corporate systems and extract data.

Amtrak operates as the United States’ primary intercity passenger rail provider, employing more than 22,000 people and generating billions in annual ticket revenue. The company has not publicly confirmed the breach or disclosed details regarding potential exposure of its systems or customer data.

Security risks associated with such incidents typically include identity theft and phishing attacks when personal information is involved. Exposure of internal corporate data can also create vulnerabilities by revealing operational details that could be exploited in future cyberattacks.

ShinyHunters has been linked to multiple high-profile incidents in 2026, including alleged data breaches involving Cisco Systems, Hallmark, Rockstar Games, Mercer Advisors and Beacon Pointe Advisors. The group has followed a pattern of publicly naming organizations before releasing or attempting to monetize stolen data.