Wabtec reveals June cyber-assault affecting U.S. and foreign operations

Data breach at a Pittsburgh-based company, acknowledged in late December, occurred several months prior and involved information that appeared on a LockBit website following a hack.

, and Administrator

2025 September 5 . 9:34 AM

1 min read

Wabtec reveals the impact of June's cyber-assault on its U.S. and international operations.

Wabtec reveals June cyber-assault affecting U.S. and foreign operations

In a significant cybersecurity incident, Wabtec Corporation, a global leader in rail and transit solutions, has been the victim of a cyberattack. The attack, conducted by the notorious group LockBit 3.0, was first discovered on June 26, 2022, but malware was introduced as early as March 15, 2022.

The threat actor gained access to sensitive parts of Wabtec's environment, stole data, and posted it onto an online leak site. The stolen data includes personal information such as names, dates of birth, passport numbers, payment card information, health insurance data, salaries, biometric data, photographs, non-U.S. national ID and social insurance information, and other data.

The incident appears to be a straightforward double extortion attack with sensitive files posted in August. However, the company has not publicly confirmed whether a ransom was demanded or paid in the attack.

Wabtec employees were warned in June about a possible ransomware attack. By Nov. 23, the company, aided by outside data specialists, realised that personally identifiable data was taken. Formal notifications were sent by letter on Dec. 30 regarding the stolen personal information.

The attack has impacted Wabtec's rail operations in the U.S., U.K., and Brazil. This rail cybersecurity issue can exacerbate critical supply chain issues, especially during times of worker shortages and other disruptions.

The rail industry has been under increased scrutiny recently, with the Transportation Security Administration introducing directives for companies in the rail industry to implement cybersecurity plans as early as October.

Wabtec Corporation provides about 20% of the world's freight and is a major parts and technology provider for rail and transit systems. The company contacted the FBI soon after discovering the attack, and the ongoing investigation is expected to provide more details about the incident.