Locomotive Maker Wabtec Discloses Ransomware Attack 9 Months After Hackers Breached its Network

Wabtec Corporation, one of the world’s top manufacturers of locomotives, freight cars and passenger transit vehicles, has disclosed a data breach that exposed tons of personal information.

Hackers breached Wabtec’s network in March, but the company said it only noticed “unusual activity” in June.

“It was subsequently determined that malware was introduced into certain systems as early as March 15, 2022,” according to the notice.

The company notified the FBI and recruited the help of cybersecurity experts to assess the scope of the incident and determine whether personal data had been affected.

“The forensic investigation did reveal that certain systems containing sensitive information were subject to unauthorized access, and that a certain amount of data was taken from the Wabtec environment on June 26, 2022,” the advisory continues.

Shortly after the breach, LockBit ransomware operators took credit for the attack and started leaking the stolen data after the victim company refused to pay ransom.

Finally, in November, Wabtec determined that the data dump did include personal information.

On Dec. 30, the firm began notifying affected individuals, as required by law, with a formal letter explaining the incident and the data involved.

The notice includes a worryingly-long list of impacted data, including:

• First and Last Name
• Date of Birth
• Non-US National ID Number
• Non-US Social Insurance Number or Fiscal Code
• Passport Number
• IP Address
• Employer Identification Number (EIN)
• USCIS or Alien Registration Number
• NHS (National Health Service) Number (UK)
• Medical Record/Health Insurance Information
• Photograph
• Gender/Gender Identity
• Salary
• Social Security Number (US)
• Financial Account Information
• Payment Card Information
• Account Username and Password
• Biometric Information
• Race/Ethnicity
• Criminal Conviction or Offense
• Sexual Orientation/Life
• Religious Beliefs
• Union Affiliation

LockBit ransomware operators recently offered free decryption keys to a distraught children’s hospital in Canada after one of the crew’s affiliates violated the hackers’ code of ethics that prohibits attacks on healthcare.

LockBit entered the ransomware-as-a-service scene in 2019 and has steadily improved its malware and techniques to become one of the most prolific cybercrime gangs in the world.