Rail systems and locomotive manufacturer Wabtec has started sending notification letters to individuals whose personal information was stolen in a ransomware attack last year.
The US-based firm provides railway equipment, systems, and services worldwide and has offices in the Americas, Australia, and Europe. The company has roughly 27,000 employees.
In a data breach notice, Wabtec says branches in the US, Canada, UK, and Brazil were impacted by the cyberattack.
The incident was discovered on June 26, 2022, but the attackers had access to Wabtec’s network much earlier, and had deployed malware on certain systems on March 15, 2022.
“Wabtec, with the assistance of leading cybersecurity firms, assessed the scope of the incident to, among other things, determine if personal data may have been affected. Additionally, shortly after discovery of the event, Wabtec notified the Federal Bureau of Investigation,” the company says.
The attackers accessed systems containing sensitive information and, on June 26, exfiltrated some of the data, Wabtec says.
“The information was later posted to the threat actor’s leak site. On November 23, 2022, Wabtec, with the assistance of data review specialists, determined that personal information was contained within the impacted files,” Wabtec says.
Exposed information includes names, birth dates, gender, passport numbers, employee identification numbers, health service numbers, social insurance (non-US) and Social Security (US) numbers, IP addresses, medical information, photographs, financial account and payment card data, usernames and passwords, biometric information, and more.
While Wabtec did not share information on the type of cyberattack it suffered, in August 2022, the LockBit ransomware gang published data allegedly stolen from the company.