U.S. rail and locomotive company Wabtec Corporation was targeted by the Lockbit ransomware group in a cyber attack that exposed personal and sensitive information.
The hackers breached their network and installed malware on specific systems as early as March 15th, 2022.
LockBit also published samples of data stolen from Wabtec and eventually leaked all stolen data on August 20th, 2022, presumably after a ransom was not paid
The stolen files contained sensitive personal information like Full Name, Date of Birth, Non-US National ID Number, Non-US Social Insurance Number or Fiscal Code, Passport Number, IP Address, Employer Identification Number (EIN), USCIS or Alien Registration Number, NHS (National Health Service) Number (UK), Medical Record/Health Insurance Information, Photograph, Gender/Gender Identity, Salary, Social Security Number (US),Financial Account Information, Payment Card Information, Account Username and Password, Biometric Information, Race/Ethnicity, Criminal Conviction or Offense, Sexual Orientation/Life, Religious Beliefs, Union Affiliation.
The company sent notices of the data breach to all impacted individuals.
TPRM report: https://scoringcyber.rankiteo.com/company/wabtec-corporation
"id": "wab18514123",
"linkid": "wabtec-corporation",
"type": "Ransomware",
"date": "01/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Transportation',
'location': 'United States',
'name': 'Wabtec Corporation',
'type': 'Rail and Locomotive Company'}],
'attack_vector': 'Malware installation on specific systems',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Sensitive Information']},
'date_detected': '2022-03-15',
'description': 'U.S. rail and locomotive company Wabtec Corporation was '
'targeted by the Lockbit ransomware group in a cyber attack '
'that exposed personal and sensitive information.',
'impact': {'data_compromised': ['Full Name',
'Date of Birth',
'Non-US National ID Number',
'Non-US Social Insurance Number or Fiscal '
'Code',
'Passport Number',
'IP Address',
'Employer Identification Number (EIN)',
'USCIS or Alien Registration Number',
'NHS (National Health Service) Number (UK)',
'Medical Record/Health Insurance Information',
'Photograph',
'Gender/Gender Identity',
'Salary',
'Social Security Number (US)',
'Financial Account Information',
'Payment Card Information',
'Account Username and Password',
'Biometric Information',
'Race/Ethnicity',
'Criminal Conviction or Offense',
'Sexual Orientation/Life',
'Religious Beliefs',
'Union Affiliation']},
'motivation': 'Ransom',
'ransomware': {'data_exfiltration': 'Yes',
'ransom_paid': 'No',
'ransomware_strain': 'Lockbit'},
'response': {'communication_strategy': 'Sent notices of the data breach to '
'all impacted individuals'},
'threat_actor': 'Lockbit ransomware group',
'title': 'Wabtec Corporation Data Breach by Lockbit Ransomware Group',
'type': 'Ransomware Attack'}