U.S rail and locomotive company Wabtec Corp. recently disclosed an 8-month-old breach that exposed personal and sensitive information of some individuals after the stolen data was posted on a threat actor’s leak site.
Hackers breached the network on March 15, 2022, but the company only became aware of unusual activity on its network on June 26, which prompted an internal investigation.
“With the assistance of leading cybersecurity firms, we assessed the scope of the incident to, among other things, determine if personal data may have been affected. Additionally, shortly after discovery of the event, Wabtec notified the Federal Bureau of Investigation,” the company said.
A spokesperson for Wabtec was not immediately available to provide additional details.
Wabtec is a provider of equipment, systems, digital solutions and value-added services for the freight and transit rail sectors. The company employs over 27,000 employees in over 50 countries around the world.
According to Wabtec, the affected information includes:
- Full name
- Date of birth
- Non-U.S. national ID numbers
- Non-U.S. social insurance numbers or fiscal codes
- Passport numbers
- IP addresses
- Employer identification numbers
- USCIS or alien registration numbers
- National Health Service numbers – U.K.
- Medical record/health insurance information
- Photographs
- Gender identity
- Salaries
- Social Security numbers – U.S.
- Financial account information
- Payment card information
- Account usernames and passwords
- Biometric information
- Race/ethnicity
- Criminal convictions or offenses
- Sexual orientation/life
- Religious beliefs
- Union affiliation
