Posted On January 8, 2023 Consumer Privacy & Data Breaches
January 8, 2023 – After discovering unusual activity on its computer network in December 2022, Wabtec Corporation posted a notice on its website. According to the notice, the malware attack resulted in the release of consumer information such as names, protected health information, financial information, criminal history, Social Security numbers and much more. Once it was confirmed that there was a data leak, Wabtec sent out notification letters to all individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Wabtec data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from Wabtec Corporation.
Wabtec Corporation is an industrial manufacturer providing services to over 50 countries. Services provided include systems, services to the transit and freight rail sectors, and digital solutions. The company also provides equipment such as freight cars, transit vehicles, and locomotives, which they also manufacture. Wabtec Corporation was created in 1999 in Pittsburgh, Pennsylvania by the merger of MotivePower Industries Corporation and Westinghouse Air Brake Company. The company now employs over 27,000 people and generates approximately $7 billion in revenue annually.
The source of information regarding the data breach comes from a notice on Wabtec’s website. According to the notice, Wabtec discovered unusual activity in its computer system. Upon further investigation, and with the assistance of cybersecurity specialists, the company discovered that there had been a malware attack starting in March 2022, resulting in the leak of consumer information.
Though it varies among victims, information that has been leaked includes consumer names, Social Security numbers, dates of birth, non-US social insurance numbers, passport numbers, IP addresses, alien registration numbers. It also includes financial information such as payment card information, account usernames and passwords, biometric information, and salaries. Protected health information that was compromised may include medical records and health insurance information. Criminal histories have also been exposed, as well as photographs of sexual orientation, gender/gender identity, and religious beliefs.
On December 19, 2022, Wabtec sent data breach notification letters to all individuals affected by the attack. Wabtec has yet to reveal the total number of people affected by the attack.
With the massive amount of information leaked in the Wabtec Corporation data breach, hackers can commit a multitude of crimes. They can commit any number themselves or sell the information on the dark web to others looking to commit those crimes.
The possibilities are endless as to what kinds of damage can be done with the information obtained in the malware attack. Fraud and identity theft is on the rise in the US with reports indicating that identity theft committed in the second half of 2022 is 50% more than the same time period the previous year.
Some of the things that hackers can do with your information is make fraudulent chargers with your accounts and credit cards. They can also apply for new cards and loans under your name. Information needed to apply only for a credit card is basic and easy to obtain, names, Social Security numbers, and dates of birth. All of which were involved in the Wabtec data breach.
It’s not just financial identity theft that hackers can commit with your information. They can also commit medical identity theft. With all of your protected health information, they can receive medical treatment in your name and leave you with medical bills. This can also lead to misinformation in your medical records, such as medical history or medications.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Wabtec Corporation data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a notice posted on their website:
Our Wabtec entities: Wabtec Corporation, Wabtec UK Limited and Wabtec Brasil Fabricação e Manutenção de Equipamentos Ltda., located in the US, Canada, UK and Brazil, respectively (“together Wabtec”) are providing notice about an event that occurred earlier this year that affected some individuals’ personal information.
What Happened. On June 26, 2022, Wabtec became aware of unusual activity on its network and promptly began an internal investigation. It was subsequently determined that malware was introduced into certain systems as early as March 15, 2022. Wabtec, with the assistance of leading cybersecurity firms, assessed the scope of the incident to, among other things, determine if personal data may have been affected. Additionally, shortly after discovery of the event, Wabtec notified the Federal Bureau of Investigation.
The forensic investigation did reveal that certain systems containing sensitive information were subject to unauthorized access, and that a certain amount of data was taken from the Wabtec environment on June 26, 2022. The information was later posted to the threat actor’s leak site. On November 23, 2022, Wabtec, with the assistance of data review specialists, determined that personal information was contained within the impacted files. On December 30, 2022, Wabtec began notifying affected individuals, per relevant regulations, with a formal letter, to let them know their data was involved.
What Information Was Involved. The affected information varies by individual but includes a combination of the following data elements: First and Last Name, Date of Birth, Non-US National ID Number, Non-US Social Insurance Number or Fiscal Code, Passport Number, IP Address, Employer Identification Number (EIN), USCIS or Alien Registration Number, NHS (National Health Service) Number (UK), Medical Record/Health Insurance Information, Photograph, Gender/Gender Identity, Salary, Social Security Number (US), Financial Account Information, Payment Card Information, Account Username and Password, Biometric Information, Race/Ethnicity, Criminal Conviction or Offense, Sexual Orientation/Life, Religious Beliefs, Union Affiliation.
What Wabtec Is Doing. Wabtec is committed to and takes very seriously its responsibility to safeguard all data entrusted to it. As part of the company’s ongoing commitment to the security of personal information in its care, it has taken additional steps to reinforce the integrity and security of its systems and operations, including implementing additional procedural safeguards. Wabtec has been notifying all applicable regulatory and data protection authorities, as required.
What You Can Do | Potential Consequences. While there is no indication that any specific information was or will be misused, considering the nature of the incident and of the affected personal data, we cannot rule out that there may be attempts to carry out fraudulent activity. For this reason, Wabtec encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing their financial account statements and credit reports for any anomalies. Please see below for additional details in the different jurisdictions.
For More Information. If individuals have additional questions not addressed in this notice, they may contact a member of Wabtec’s data privacy team by sending an email to firstname.lastname@example.org. Please see below for additional contact details in the different jurisdictions.