Wabtec data breach exposes sensitive customer information

Wabtec data breach overview: 

• Who: Wabtec Corporation disclosed that it suffered a data breach last year. 
• Why: Wabtec says the data breach occurred after a threat actor installed malware in some of its systems beginning from as early as March 15, 2022. 
• Where: Wabtec operates in the United States, United Kingdom, Canada and Brazil. 

Wabtec Corporation disclosed that it suffered a data breach last year that exposed some individuals’ personal and private information. 

The rail and locomotive company says an internal investigation determined that a threat actor installed malware on some of its systems as early as March 15, 2022. 

Wabtec says it notified the Federal Bureau of Investigation shortly after discovering the data breach, which it says it assessed with leading cybersecurity firms. 

“The forensic investigation did reveal that certain systems containing sensitive information were subject to unauthorized access and that a certain amount of data was taken from the Wabtec environment on June 26, 2022,” Wabtec says on its website. 

A leak site belonging to the threat actor, LockBit later posted the data, which includes personal information, eventually leaking all of it in August, according to Bleeping Computer. 

The exposed information varies by individual and includes first and last names, birthdates, passport numbers, Social Security numbers and financial account information, among a host of other things, Wabtec says. 

No evidence information exposed in Wabtec data breach misused, company says 

Wabtec says it is “committed to and takes very seriously its responsibility to safeguard all data entrusted to it” and that it has “taken additional steps to reinforce the integrity and security of its systems and operations.” 

The company says it has also notified “all applicable regulatory and data protection authorities as required.” 

Wabtec has found no indication that any of the information exposed in the data breach has been misused but acknowledged that it “cannot rule out that there may be attempts to carry out fraudulent activity,” it says. 

“For this reason, Wabtec encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing their financial account statements and credit reports for any anomalies,” the company says.

In related rail news, last August, an appeals court denied an attempt by three UK train operators to dismiss a £93 million class action lawsuit arguing they worked together to double the price for passenger tickets. 

Have you been impacted by the Wabtec data breach? Let us know in the comments! 

Read About More Class Action Lawsuits & Class Action Settlements:

• Paddle boards sold at Costco recalled due to drowning hazard
• Breast implant class action alleges company negligent in product design, marketing, distribution
• VW recalls Beetles due to defective Takata air bags
• Canada receives $1M, Alberta $280K in costs following First Nations land treaty entitlement case