A contractor providing information technology security services for Amtrak violated company policies by wrongfully uploading sensitive and proprietary Amtrak data to his personal Google cloud storage and a personally owned USB flash drive without company knowledge or approval. Our agents were able to identify and remove the company’s data from his cloud storage and flash drive. In addition, the company has remediated certain vulnerabilities and continues to take steps to address security weaknesses identified as part of our investigation.
Tuesday, June 2, 2020
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
Type of Report: