Wabtec, rail giant, discloses breach of data after Lockbit ransomware attacks

Wabtec Corporation, a U.S. railroad and locomotive company has revealed a data breach which exposed sensitive and personal information.

Wabtec, a U.S. public company that produces state-of the-art rail and locomotive systems, is located in Texas. It employs around 25,000 workers and is present in more than 50 countries. The company is the global market leader for freight locomotives as well as a key player in transit.

According to the firm’s 2021 financial reports, the revenue was $7.8Billion. This is a remarkable 20% increase in freight moving by Wabtec’s 23,000 locomotives worldwide.

Wabtec reports a data breach

Wabtec announced that hackers broke into their network and placed malware on certain systems in a press release at the close of the year.

Wabtec reported that they had detected unusual activity in their network on June 26th. This led to them investigating the incident and determining if the hackers stole data.

published the following day that Wabtec sources indicated it was ransomware attacking the rail giant. The company didn’t respond to the reports.

A few weeks later LockBit released samples of Wabtec data and finally leaked the entire stolen data, possibly after an unpaid ransom.

LockBit published all files stolen from Wabtec


Wabtec now explains that the investigation into this incident concluded November 23, 2022 when data review experts confirmed LockBit’s theft of files containing sensitive personal details.

The stolen data included sensitive information such as:

  • Please enter your full name
  • Date of birth
  • Non-US National ID Number
  • Non-US Social Insurance Number, or Fiscal Code
  • Passport number
  • IP address
  • Employer Identification Number (EIN),
  • USCIS (Alien Registration Number)
  • NHS Number (UK)
  • Information about your medical record/health insurance.
  • Photograph, Gender/Gender Identity,
  • Salary and Social Security Number (US),
  • Financial Account Information,
  • Payment Card Information
  • Password and Username for Account
  • Biometric information
  • Race/Ethnicity,
  • Incriminating Offenses or Criminal Convictions
  • Sexual orientation/Life
  • The following are religious beliefs
  • Union Affiliation
While there are no signs that specific data was misused or could be, the nature and extent of the incident, as well as the personal information affected, does not rule out the possibility of fraudulent activity. – .

Wabtec urges people to be vigilant about identity theft and fraud and encourages them to review their credit reports and financial statements for anomalies.

On December 30, 2022, the company began sending data breach notices to affected individuals. However, the number of those affected remains unknown.