RailWorks Corporation

On January 27, 2020, RailWorks Corporation suffered a sophisticated cyberattack where an unauthorized third party encrypted its servers, resulting in a data breach. The incident exposed highly sensitive personal information of approximately 300,000 employees and former employees, including names, addresses, Social Security numbers, and dates of birth. The breach posed significant risks of identity theft and financial fraud. In response, RailWorks offered 12 months of free credit monitoring via Identity Guard® to mitigate potential harm. The attack’s scale and the nature of the compromised data critical employee records highlight severe operational and reputational consequences for the company, alongside long-term trust erosion among affected individuals.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-187766

TPRM report: https://www.rankiteo.com/company/railworks-corporation

"id": "rai947091725",
"linkid": "railworks-corporation",
"type": "Cyber Attack",
"date": "1/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': '300,000 (employees and former '
                                              'employees)',
                        'industry': 'Railroad Construction & Maintenance',
                        'location': 'California, USA',
                        'name': 'RailWorks Corporation',
                        'type': 'Corporation'}],
 'data_breach': {'data_encryption': 'Yes (servers encrypted by unauthorized '
                                    'party)',
                 'number_of_records_exposed': '300,000',
                 'personally_identifiable_information': ['names',
                                                         'addresses',
                                                         'Social Security '
                                                         'numbers',
                                                         'dates of birth'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2020-01-27',
 'description': 'The California Office of the Attorney General reported that '
                'RailWorks Corporation experienced a data breach on January '
                '27, 2020, due to a sophisticated cyberattack that involved an '
                'unauthorized third party encrypting its servers. The breach '
                'potentially exposed personal information including names, '
                'addresses, Social Security numbers, and dates of birth of '
                'employees and former employees. Approximately 300,000 '
                'individuals were affected, and RailWorks is providing 12 '
                'months of free credit monitoring services through Identity '
                'Guard® to those impacted.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'Social Security numbers',
                                 'dates of birth'],
            'identity_theft_risk': 'High (PII exposed)',
            'systems_affected': ['servers']},
 'ransomware': {'data_encryption': 'Yes'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'response': {'remediation_measures': ['12 months of free credit monitoring '
                                       '(Identity Guard®)']},
 'threat_actor': 'Unauthorized third party',
 'title': 'RailWorks Corporation Data Breach (2020)',
 'type': 'Data Breach / Ransomware'}