Heimdal
article featured image

Contents:

Wabtec Corporation announced that it was the victim of a ransomware attack. The attack caused a data breach, exposing personal and sensitive information.

Wabtec Corporation is a U.S. company that produces locomotives and rail systems. With 25,000 employees in 50 countries, the organization is the world’s market leader in freight locomotives, 20% of the world’s cargo being transported with Wabtec’s locomotives.

The Timeline of the Attack

Wabtec explained that on March 15th, 2022, its network was breached by threat actors, who installed malware on its systems.

The data breach was noticed on June 26th, 2022, when the IT team detected some suspicious activity on the network. Later investigation revealed that they were dealing with a ransomware attack.

The forensic investigation did reveal that certain systems containing sensitive information were subject to unauthorized access, and that a certain amount of data was taken from the Wabtec environment.

Source

LockBit threat group published samples of the exfiltrated data on the dark web, and, after most probably a ransom was not paid, leaked all the stolen information on August 20th, 2022.

The forensic investigation of the attack ended on November 23rd, 2022, when it concluded that LockBit had taken sensitive personal information-containing files, according to Bleeping Computer.

The Stolen Data

The Wabtec contaminated systems contained a variety of sensitive information, and while the individuals’ exposed information varies, it involves an assortment of the following data items:

  • Complet Name
  • Date of Birth
  • Non-US National ID Number and Social Insurance Number or Fiscal Code
  • Passport Number
  • IP Address
  • Employer Identification Number (EIN)
  • USCIS or Alien Registration Number
  • NHS (National Health Service) Number (UK)
  • Medical Record/Health Insurance Information
  • Photograph
  • Gender/Gender Identity
  • Salary
  • Social Security Number (US)
  • Financial Account Information
  • Card Details
  • Account Credentials
  • Biometric Information,
  • Race/Ethnicity
  • Criminal Record
  • Sexual Orientation/Life
  • Religious Beliefs
  • Union Affiliation

Starting on December 30th, 2022, Wabtec is sending notices about the data breach to the affected individuals, however, the exact number of people harmed by the attack is unknown.

While there is no indication that any specific information was or will be misused, considering the nature of the incident and of the affected personal data, we cannot rule out that there may be attempts to carry out fraudulent activity. For this reason, Wabtec encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing their financial account statements and credit reports for any anomalies.

Source

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE