Amtrak confirms crooks are breaking into accounts using creds swiped from other DBs

US rail service Amtrak is writing to users of its Guest Rewards program to inform them that their data is potentially at risk following a derailment of their individual account security.  The three-day attack took place between May 15-18. Miscreants were breaking into accounts using valid credentials that were sourced from " …

  1. GBE

    World's largest?

    Amtrak Guest Rewards is a free program available to Americans who actually use the rail system, the world's largest,

    The "world's largest" surprised me. Largest using what measurement?

    1. abend0c4 Silver badge

      Re: World's largest?

      Waist?

      The subordinate clause is a bit ambiguous as to whether it's qualifying the program, the rail system or the passengers...

      Incidentally being forced to pen ... letters would seem quite an effective punishment for security breaches. Ink well, blunt nib and Izal-like blotting paper as well, perhaps.

      1. An_Old_Dog Silver badge

        Re: World's largest? [Appropriate Punishment]

        ... provided the CEO was prevented from fobbing the task off onto anyone else.

    2. Coen Dijkgraaf

      Re: World's largest?

      By length I would assume. https://testbook.com/static-gk/largest-railway-network-in-the-world

      It is a big country. There are other larger networks, e.g. in Europe, that would be bigger. But if you split it by country, USA would be longer.

      1. hedgie Bronze badge

        Re: World's largest?

        Of course, that depends on how one counts it. Amtrak owns very little of the track that they use, and use tracks owned by the freight companies. Which is an awful inconvenience when your train is delayed because freight has priority.

        1. IvyKing Bronze badge

          Re: World's largest?

          There is a more subtle reason for the delays. Owning, maintaining and paying property tax on track is expensive, so the host railroads set up the track to efficiently handle trains running at freight train speeds. Building track to handle passenger trains in addition to freight trains adds significantly to the cost of track, but Amtrak is not paying anywhere near the amount needed to cover those costs.

          Many cities have commuter rail options where the cities bought the track from the railroads that built the track, and the dispatching on those lines is handled by the commuter rail authorities. These typically give priority to the commuter trains over the Amtrak trains.

    3. anothercynic Silver badge

      Re: World's largest?

      'geographically largest' probably.

      But then again, the tracks are not Amtrak's, they're mostly privately owned by other railway companies.

    4. diodesign (Written by Reg staff) Silver badge

      Re: World's largest?

      Yeah, America's rail network is the largest in the world of its kind. And Amtrak uses it. I've made sure that's clear in the piece.

      C.

  2. Benegesserict Cumbersomberbatch Silver badge

    Derailing email addresses

    Must be a sleeper agent

    1. An_Old_Dog Silver badge

      Stupidly-Insecure 2FA

      To initialize a user's 2FA, Amtrak is sending a key through a known-compromised channel -- the user's email!

      (Said email also likely to include text along the lines of, "to sign up for FREE promotional offers from our Trusted Partners, just click the link below ...")


  4. Anonymous Coward

    Passenger accounts hacked despite all that training?

  5. MachDiamond Silver badge

    Oh no, my rewards account...

    For a travel company, location-based metrics won't work since people could be anywhere and need to log into the system for something. Some sort of biometrics would also require a way to take a reading that might not be available at the time. If you used a fingerprint via a reader on your phone, you'd need to use a device that can take a fingerprint in a compatible way. What may be workable is logging into an account with a simple login/pass and making any changes or retrieving personal data take an extra step. A monthly statement can include a security code that changes each month. You'd need to keep track of that code or have to get it reset in a way that takes more effort/knowledge. I know that I had to abandon a few registrations when I forgot the L:P and I had used a discontinued Google mail account. They can't send me mail with the account on file as it doesn't exist anymore, and they never formulated a plan to help somebody with that issue. You can't contact them because you can't log in.

    Making logging into the account a big PIA isn't going to be helpful. It always seems that when something goes wrong, an MFA process isn't much help and is nearly impossible to recover from until I get home and can look things up. I don't use my phone for much more than voice calls, so I'm not bothered if it gets nicked other than having to get a new phone; my bank accounts aren't going to be bled dry, and there's no "bonk to pay" going on where somebody would have a good several hours to buy a load of stuff before I could get home, look up phone numbers and log into web sites to get things shut down. It's similar to how I don't save my card details on online retail or auction sites. Yes, it's more typing to buy something, but somebody with my credentials can't make purchases. Some information I have on places like eBay is subtly wrong and has to be corrected for a payment to go through, so even if somebody got my debit card and could log into my eBay account, a payment would be kicked out. I know it works, as I've not made the corrections and had a payment fail.
