Ransomware attack on Wabtec leads to a data breach

Wabtec, a locomotive company offering transportation solutions to improve the world, has disclosed that its servers were hit by a malware last year, leaking sensitive details of its employees to hackers.

The company that employs around 25,000 people and has a business presence in over 50 countries has concluded that critical details related to employees such as Full Names, DOBs, Non-US National ID Number, Passport Number, IP address, Non-US Social Insurance Numbers, EINs, USCIS, NHS details, Medical and health insurance data, Photographs, Financial info, salaries, social security numbers belonging to US employees, Payment card data, biometrics, criminal history details, religious beliefs, political stands and such.

Cybersecurity Insiders learnt from its sources that the attack took place last year, when hackers induced a file encrypting malware into the company’s network in March 2022. Then, on June 26th, 2022, the IT staff detected unusual network access and started an investigation.

A week later, forensic experts hired from a 3rd party firm confirmed the incident as a ransomware attack and started an inquiry.

In August 2022, Lockbit Ransomware gang claimed to have stolen the info and published sample data on the dark web to prove their claims.

Wabtec contacted the hackers and apparently negotiated the stolen data for a ransom. However, it is still unclear whether they paid a ransom to decrypt their database.

From December 30th 2022, the company started sending emails blasts to all the affected individuals and urged them to stay vigilant with their bank transactions and check for incidents such as identity thefts and any sort of cyber frauds in credit or financial reports.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display