Connect with us

Hi, what are you looking for?



Railroad Construction Firm RailWorks Falls Victim to Ransomware

Rail contractor RailWorks Corporation is notifying employees and third-parties that it recently fell victim to a ransomware attack in which sensitive information might have been compromised.

Rail contractor RailWorks Corporation is notifying employees and third-parties that it recently fell victim to a ransomware attack in which sensitive information might have been compromised.

Founded in 1998, the track, transit and rail system services provider builds and maintains rail transportation infrastructure in the United States and Canada. The company has more than 3,500 employees in North America.

At the end of January, the company started informing employees of a cyber-incident that resulted in servers and systems being encrypted, and has since filed data breach notifications with California’s Office of the Attorney General.

The incident, which the company refers to as a “sophisticated cyberattack,” was clearly a ransomware attack, where cybercriminals managed to compromise systems within the contractor’s environment and plant data-encrypting malware on them.

The affected machines, RailWorks explains in the breach notifications, might have contained personally identifiable information (PII) of its employees, former employees, and third-party contractors.

The incident “may have involved access to your name, address, driver’s license number and/or government issued ID, Social Security number, date of birth and date of hire/termination and/or retirement,” the company told its employees.

Data that RailWorks stored on non-employees, and which might have been affected, includes names, addresses, Social Security numbers, dates of birth, and dates of hire/termination and/or retirement, the contractor said in a second data breach notification.

Advertisement. Scroll to continue reading.

A third notification filed with California’s Office of the Attorney General covers potentially compromised data of impacted individuals’ minor children.

RailWorks says it has no indication that the personal information of the affected individuals or their minor children was misused, but offers free credit monitoring as a precautionary measure.

What the company hasn’t disclosed yet is the number of affected individuals and how the hackers gained access to its systems in the first place.

SecurityWeek has emailed RailWorks for additional information on the incident and will update the article as soon as a reply arrives.

Related: Netherlands University Pays $240,000 After Targeted Ransomware Attack

Related: Operations at U.S. Natural Gas Facilities Disrupted by Ransomware Attack

Related: Christmas Ransomware Attack Hit New York Airport Servers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...