Rail tech company discloses sensitive data breach


Rail technology company, Wabtec, has disclosed a data breach that affected sensitive user information, including passport, social security numbers, and medical records.

Wabtec is a 150-year-old company with over 27,000 employees worldwide. Headquartered in Pittsburgh, Pennsylvania, it is known for its rail braking systems, locomotives, air conditioning, and heating systems, among other things.

The company has recently disclosed an incident that affected some users’ personal information. Wabtec said it had started notifying the affected individuals on December 30, 2022.

The company allegedly became aware of “unusual activity” on its network nearly half a year ago – on June 26, 2022. After investigating the incident, the company learned malware had been introduced into specific systems as early as March 15, 2022.

Wabtec notified the Federal Bureau of Investigation (FBI) about the incident. While the official company’s announcement doesn’t reveal the nature of the attack, the notorious ransomware gang LockBit listed Wabtec on its data leak site last August. Since the company presumably refused to pay the ransom, the gang published the data it managed to steal from the locomotive corporation.

Lockbit hits Wabtec
Screenshot by Cybernews

“While there is no indication that any specific information was or will be misused, considering the nature of the incident and the affected personal data, we cannot rule out that there may be attempts to carry out fraudulent activity. For this reason, Wabtec encourages individuals to remain vigilant against identity theft and fraud by reviewing their financial account statements and credit reports for any anomalies,” the company said.

The affected information varies by individual but includes a combination of the following data elements: first and last name, date of birth, non-US national ID number, non-US Social Insurance number or fiscal code, passport number, IP address, Employer Identification Number (EIN), USCIS or Alien Registration Number, NHS (National Health Service) number (UK), medical record/health insurance information, photograph, gender/gender identity, salary, social security number (US), financial account information, payment card information, and account username.


More from Cybernews:

Twitter data leak - 400 million user details up for sale

Cybersecurity firm links Piers Morgan Twitter hack to massive leak of user data

Crooks monitor Twitter complaints to target users via phishing

Cricket-oriented platform ‘drops a dolly’ exposing user data

TikTok parent ByteDance cuts hundreds of jobs in China

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked