Rail Technology Company Wabtec Suffers Apparent Ransomware Attack
In June 2022, rail technology company Wabtec learned of suspicious activity on its network; a subsequent investigation found that intruders had managed to install malware on the company’s systems in mid-March 2022. Wabtec determined that sensitive data, including non-US national ID numbers, non-US social insurance numbers or fiscal codes, passport numbers, medical record/health insurance information, and biometric information, were compromised; the company began notifying affected customers in late December 2022.
Falling victim to a ransomware attack, given its pervasive use over the last few years, is one thing. Only beginning to notify affected customers six months later is something entirely different. Wabtec customers should have been notified faster. The lesson to learn, as has been reported in other NewsBites, is to have a response plan in place and regularly tested.
LockBit strikes again. Dwell time continues to be a challenge: in this case the attackers had about 100 days between the compromise in March and the breach on June 26th. This would be a good time to review your detection capabilities to see if you could respond any more quickly. While Wabtec is not offering credit monitoring, their notification includes good information on data protection, fraud reporting and credit freeze for US, UK, Canadian and Brazilian customers, with relevant sections in English, Portuguese and French. Something to file away if you find yourself in a similar situation. While it seems like a long time between the breach and notification to affected customers, it wasn't until late November that the investigation determined the personal information was included in the breached data. Additionally, law enforcement involvement, in this case the FBI, may have also put some constraints on disclosing information while the investigation was ongoing.
Read more in
Infosecurity Magazine: Rail Tech Giant Wabtec Discloses Global Data Breach
Bleeping Computer: Rail giant Wabtec discloses data breach after Lockbit ransomware attack