Bea Beltran Tech 01.03.2023 21:Jan PM EST

Locomotive Company Wabtec Confirms Cyberattack by LockBit Ransomware Group

Wabtec, the leading locomotive and rail system company in the market, confirms a cyberattack it suffered brought by the LockBit ransomware group. They claimed that malware was installed on some systems within their network which led to data theft that was leaked online.

What Kind of Data Was Stolen?

By the end of the investigation on November 23rd of 2022, review specialists confirmed that Webtac had fallen victim to a cyberattack by the LockBit hacker group, wherein sensitive personal information had been stolen which are the following:

Name
Date of Birth
Non-US National ID Number
Non-US Social Insurance Number/Fiscal Code
Passport Number
IP Address
Employer Identification Number
USCIS/Alien Registration Number
UK National Health Service Number
Medical Records
Photographs
Gender/Gender Identity
Social Security Number
Financial Account Information
Account Username and Password
Biometrics
Criminal Records
Union Affiliation

This exposes the data of the company's employees which employs 25,000 people in 50 countries where the company operates. All the stolen data had been leaked on August 20th of 2022, according to Bleeping Computer.

The company warns individuals to remain vigilant as they may fall victim to fraudulent activities like identity theft. Victims should monitor their financial accounts and credit reports should there be anomalies present.

The company also suggested that the victims should get in touch with their banks to ask for additional security measures. As for identity protection and credit monitoring, they may use services capable of guarding them against possible identity theft or fraud.

It was also mentioned on their website that victims can consider implementing two-factor authentication, which could protect accounts from unauthorized access. Should victims receive emails asking for personal data, they should not provide it unless they are certain of its credibility.

They should also avoid clicking links or opening attachments to messages that may appear malicious. Indicators include typos, bad grammar, formatting errors, the offer of unsolicited freebies, or requests for disclosure of financial information or passwords.

How is Wabtec Resolving the Incident?

The rail giant claims to take its responsibility to secure data seriously and has taken steps to reinforce its systems and operations security. The company's efforts include additional safeguards and notifying applicable regulatory and data protection authorities.

The earliest report regarding the cyberattack brought by the ransomware group was on March 15th of 2022, wherein the hackers had installed malware on specific systems. It wasn't until June 26th that they detected unusual activity within their systems.

Investigations began and news of the cyberattack broke, although the company did not confirm it. The LockBit ransomware group eventually leaked the data that was stolen from Wabtec on August 20th of 2022, which could be due to the company not paying for the ransom.

It was months later, specifically on December 30th of 2022, before the company informed the affected individuals. A formal letter has been sent to inform the victims that their personal data was among the ones that were stolen by the hacker group.