Wabtec announced that the malware was introduced into certain systems as early as March 15, 2022.

The stolen data was posted on LockBit’s leak site on August 20, which means that the company didn’t pay the ransom.

The company started notifying affected individuals on the 30th of December and implemented additional procedural safeguards.

Wabtec Corporation published an announcement about a security incident that happened in early 2022. Wabtec Corporation, the parent company of Wabtec Corporation, Wabtec UK Limited, and Wabtec Brasil Fabricação e Manutenção de Equipamentos Ltda., located in the US, Canada, UK, and Brazil, respectively, became aware of unusual activity on its network on June 26 and started an internal investigation.

Shortly after, the LockBit ransomware group shared a sample of data stolen from the company, and on August 20 the group released all of the stolen data, which shows that the company didn’t pay the ransom. Wabtec worked with data review specialists and determined on November 23 that personal information was contained within the stolen data. The company started notifying affected individuals on December 30.

The affected information varies by individual but includes a combination of the following data elements: First and Last Name, Date of Birth, Non-US National ID Number, Non-US Social Insurance Number or Fiscal Code, Passport Number, IP Address, Employer Identification Number (EIN), USCIS or Alien Registration Number, NHS (National Health Service) Number (UK), Medical Record/Health Insurance Information, Photograph, Gender/Gender Identity, Salary, Social Security Number (US), Financial Account Information, Payment Card Information, Account Username and Password, Biometric Information, Race/Ethnicity, Criminal Conviction or Offense, Sexual Orientation/Life, Religious Beliefs, and Union Affiliation.

The company is also notifying all applicable regulatory and data protection authorities, as required. Wabtec also stated that it has taken additional steps to reinforce the integrity and security of its systems and operations by implementing additional procedural safeguards. Wabtec said:

“While there is no indication that any specific information was or will be misused, considering the nature of the incident and of the affected personal data, we cannot rule out that there may be attempts to carry out fraudulent activity. For this reason, Wabtec encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing their financial account statements and credit reports for any anomalies.”