Federal Reports

An Amtrak Coach Cleaner based in Beech Grove, Indiana, was terminated from employment on December 12, 2023, following his administrative hearing. Our investigation found that the employee violated company policies by falsely claiming employment with the U.S. Army from 2004-2015 on a resume he submitted to the company, when he was actually serving time in prison for arson.

An Amtrak electrician based in Wilmington, Delaware, violated company policies by engaging in outside employment by operating his general contracting business while on a medical leave of absence. The employee was on a medical leave of absence since February 2020 and had not returned to work as of the issuance of our investigative report. The employee resigned on December 12, 2023, prior to his scheduled administrative hearing.

The Pandemic Response Accountability Committee’s (PRAC) Semiannual Report to Congress, covering the period from April 1, 2023 through September 30, 2023.

Like other organizations, Amtrak (the company) faces the inherent cybersecurity risk that employees or contractors are “insider threats”—that is, that they could maliciously or unintentionally use information systems or data in a manner that harms the company. Insider threats may cause more harm and are more difficult to detect than external cyber‐attackers because individuals within an organization already have access to systems and data. Amtrak Office of Inspector General’s (OIG) recent investigations identified company employees and contractors who misused or took advantage of their system access and exposed sensitive company information. Accordingly, our objective was to assess the effectiveness of company controls to protect its information systems and data from insider threats. Our recommendations included conducting an insider threat risk assessment, establishing a policy for insider threat activities, and developing a process to track and enforce company access requirements. In commenting on a draft of this report, company executives agreed with our recommendations and identified actions that the company plans to take to address them.THE TRANSPORTATION SECURITY ADMINISTRATION AND THE DEPARTMENT OF TRANSPORTATION HAVE DETERMINED THAT THIS REPORT CONTAINS SENSITIVE SECURITY INFORMATION (SSI) that is controlled under 49 CFR parts 15 and 1520 to protect Sensitive Security Information exempt from public disclosure. For Amtrak OIG, public disclosure is governed by 5 U.S.C. § 552 and 49 CFR parts 15 and 1520. This public version of the report has been redacted.