Rail technology company, Wabtec, has disclosed a data breach that affected sensitive user information, including passport, social security numbers, and medical records.
Wabtec is a 150-year-old company with over 27,000 employees worldwide. Headquartered in Pittsburgh, Pennsylvania, it is known for its rail braking systems, locomotives, air conditioning, and heating systems, among other things.
The company has recently disclosed an incident that affected some users’ personal information. Wabtec said it had started notifying the affected individuals on December 30, 2022.
The company allegedly became aware of “unusual activity” on its network nearly half a year ago – on June 26, 2022. After investigating the incident, the company learned malware had been introduced into specific systems as early as March 15, 2022.
Wabtec notified the Federal Bureau of Investigation (FBI) about the incident. While the official company’s announcement doesn’t reveal the nature of the attack, the notorious ransomware gang LockBit listed Wabtec on its data leak site last August. Since the company presumably refused to pay the ransom, the gang published the data it managed to steal from the locomotive corporation.
“While there is no indication that any specific information was or will be misused, considering the nature of the incident and the affected personal data, we cannot rule out that there may be attempts to carry out fraudulent activity. For this reason, Wabtec encourages individuals to remain vigilant against identity theft and fraud by reviewing their financial account statements and credit reports for any anomalies,” the company said.
The affected information varies by individual but includes a combination of the following data elements: first and last name, date of birth, non-US national ID number, non-US Social Insurance number or fiscal code, passport number, IP address, Employer Identification Number (EIN), USCIS or Alien Registration Number, NHS (National Health Service) number (UK), medical record/health insurance information, photograph, gender/gender identity, salary, social security number (US), financial account information, payment card information, and account username.
More from Cybernews:
Subscribe to our newsletter