Wabtec Corporation has finally released details of last year’s data security incident in which highly sensitive personal information was compromised.
Headquartered in Pittsburgh, the company prides itself on being one of the world’s leading rail technology companies with operations in more than 50 countries across the freight, transportation, mining, industrial and marine sectors.
The company, which generates $8 billion in revenue, was hit by a ransomware attack first reported in June 2022.
Although the incident isn’t explicitly mentioned in the new breach notice, Wabtec said the stolen data was “posted on a threat actor’s leak site,” which makes it possible to infer a connection between the two.
The company said it first noticed unusual network activity on June 26, 2022, but later determined that the system had been infected with malware on March 15, 2022.
“A forensic investigation revealed that certain systems containing sensitive information were subject to unauthorized access and that a certain amount of data was obtained from the Wabtec environment on June 26, 2022,” it said.
“The information was then posted on the attacker’s leak site. On November 23, 2022, Wabtec, with the assistance of data review experts, confirmed that the affected files contained On December 30, 2022, Wabtec began notifying affected individuals with a formal letter informing them that their data was involved, in accordance with relevant regulations.”
The notice does not say exactly whose information was stolen in the breach, but judging by the list of data types, it appears to be Wabtec employees worldwide. The notice also does not indicate the scale of the data theft.
Compromised information includes:
- First and last name
- Birthday
- Non-U.S. ID numbers, Social Security numbers, fiscal codes
- Passport number
- Employer identification number
- Alien registration number
- UK NHS number
- Medical and health insurance information
- Photo
- Sex
- Salary
- US Social Security number
- Financial account and payment card information
- Sexual orientation
- Religious belief
- Union affiliation
Andrew Hay, COO of cybersecurity consultancy Lares Consulting, said the delay between malware deployment and its discovery by Wabtec may indicate a weak detection and response capability.
“Unless the malware is intentionally delayed, there is no excuse not to detect or block the associated activity,” he added.
“When the FBI is involved, delays in disclosure are normal. As with any criminal case, law enforcement wants to investigate. It could take weeks, if not months, to establish attribution and possibly prosecute.”