Skip to Content

Rail Technology Company Wabtec Suffers Apparent Ransomware Attack

Updated on 2023-01-03: Rail Technology Company Wabtec Suffers Apparent Ransomware Attack

In June 2022, rail technology company Wabtec learned of suspicious activity on its network and following an investigation, learned that intruders had managed to install malware on the company’s systems in mid-March 2022. Wabtec determined that sensitive data, including non-US national ID numbers, non-US social insurance numbers or fiscal codes, passport numbers, medical record/health insurance information, and biometric information, were compromised; the company began notifying affected customers in late December 2022.

Wabtec has confirmed a ransomware attack at the hands of the LockBit ransomware gang.


  • Falling victim to a ransomware attack given its pervasive use over the last few years is one thing. Only beginning to notify affected customers six months later is something entirely different. Wabtec customers should have been notified faster. The lesson to learn, as has been reported in other NewsBites, is to have a response plan in place and regularly tested.
  • LockBit strikes again. Dwell time continues to be a challenge: in this case the attackers had about 100 days between the compromise in March and breach June 26th. This would be a good time to review your detection capabilities to see if you could respond any more quickly. While Wabtec is not offering credit monitoring, their notification includes good information on data protection, fraud reporting and credit freeze for US, UK, Canada and Brazilian customers, with relevant sections in English, Portuguese and French. Something to file away if you find yourself in a similar situation. While it seems like a long time between the breach and notification to affected customers, it wasn’t until late November that the investigation determined the personal information was included in the breached data. Additionally, law enforcement involvement, in this case the FBI, may have also put some constraints on disclosing information while the investigation was ongoing.


Updated on 2023-01-02: Wabtec ransomware attack

US rail and locomotive company Wabtec has confirmed a ransomware attack at the hands of the LockBit ransomware gang. The incident took place in June 2022 and impacted its US, Canada, UK, and Brazil operations. Read more: Data Security Incident Update – Personal Data Breach Public Communication


U.S. rail and locomotive company Wabtec Corporation recently disclosed a data breach from June 26, 2022, after it was the victim of a LockBit ransomware attack.

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on