{
	"id": "63f1b5ed-95fc-490f-be00-aa7f5179eb31",
	"created_at": "2026-04-06T00:21:26.088533Z",
	"updated_at": "2026-04-10T13:13:03.53916Z",
	"deleted_at": null,
	"sha1_hash": "52d52a4374f65b53cf34e43a6ee6820a4c258740",
	"title": "Rail giant Wabtec discloses data breach after Lockbit ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2430659,
	"plain_text": "Rail giant Wabtec discloses data breach after Lockbit ransomware attack\r\nBy Bill Toulas\r\nPublished: 2023-01-03 · Archived: 2026-04-05 19:13:22 UTC\r\nU.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive\r\ninformation.\r\nWabtec is a U.S.-based public company producing state-of-the-art locomotives and rail systems. The company employs\r\napproximately 25,000 people and has a presence in 50 countries, being the world's market leader in freight locomotives and\r\na major player in the transit segment.\r\nThe firm's 2021 financial results give a revenue figure of $7.8 billion, reporting a staggering 20% of the world's freight\r\nbeing moved by the 23,000 of Wabtec's locomotives in global operation.\r\nhttps://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nWabtec discloses a data breach\r\nIn an announcement published at the end of the year, Wabtec says hackers breached their network and installed malware on\r\nspecific systems as early as March 15th, 2022.\r\nOn June 26th, Wabtec said they detected unusual activity on their network leading to an investigation of the attack and\r\nwhether the hackers had stolen data.\r\nOn the next day, news outlets reported that sources at one of Wabtec's plants indicated that it was a ransomware attack\r\nimpacting the rail giant. However, the company did not officially respond to the rumors.\r\nA couple of weeks later, LockBit published samples of data stolen from Wabtec and eventually leaked all stolen data on\r\nAugust 20th, 2022, presumably after a ransom was not paid.\r\nLockBit published all files stolen from Wabtec (BleepingComputer)\r\nAs Wabtec explains now, its investigation of the incident was concluded on November 23rd, 2022, when data review\r\nspecialists confirmed that LockBit had stolen files containing sensitive personal information.\r\nThis stolen data exposed a wide variety of sensitive information, including:\r\nFull Name,\r\nDate of Birth,\r\nNon-US National ID Number,\r\nNon-US Social Insurance Number or Fiscal Code,\r\nPassport Number,\r\nIP Address,\r\nhttps://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/\r\nPage 3 of 5\n\nEmployer Identification Number (EIN),\r\nUSCIS or Alien Registration Number,\r\nNHS (National Health Service) Number (UK),\r\nMedical Record/Health Insurance Information,\r\nPhotograph, Gender/Gender Identity,\r\nSalary, Social Security Number (US),\r\nFinancial Account Information,\r\nPayment Card Information,\r\nAccount Username and Password,\r\nBiometric Information,\r\nRace/Ethnicity,\r\nCriminal Conviction or Offense,\r\nSexual Orientation/Life,\r\nReligious Beliefs,\r\nUnion Affiliation\r\n\"While there is no indication that any specific information was or will be misused, considering the nature of the incident and\r\nof the affected personal data, we cannot rule out that there may be attempts to carry out fraudulent activity.\" - Wabtec.\r\n\"For this reason, Wabtec encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing\r\ntheir financial account statements and credit reports for any anomalies.\"\r\nThe company started sending notices of a data breach to all impacted individuals on December 30th, 2022, but the exact\r\nnumber of people affected by the incident remains undisclosed.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nhttps://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/\r\nPage 4 of 5\n\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/"
	],
	"report_names": [
		"rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434886,
	"ts_updated_at": 1775826783,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/52d52a4374f65b53cf34e43a6ee6820a4c258740.pdf",
		"text": "https://archive.orkl.eu/52d52a4374f65b53cf34e43a6ee6820a4c258740.txt",
		"img": "https://archive.orkl.eu/52d52a4374f65b53cf34e43a6ee6820a4c258740.jpg"
	}
}