Railroad Construction Firm RailWorks Falls Victim to Ransomware

Source: SecurityWeek

Rail contractor RailWorks Corporation is notifying employees and third parties that it recently fell victim to a ransomware attack in which sensitive information might have been compromised.

Founded in 1998, the track, transit and rail system services provider builds and maintains rail transportation infrastructure in the United States and Canada. The company has more than 3,500 employees in North America.

At the end of January, the company started informing employees of a cyber-incident that resulted in servers and systems being encrypted, and has since filed data breach notifications with California’s Office of the Attorney General.

The incident, which the company refers to as a “sophisticated cyberattack,” was clearly a ransomware attack, where cybercriminals managed to compromise systems within the contractor’s environment and plant data-encrypting malware on them.

The affected machines, RailWorks explains in the breach notifications, might have contained personally identifiable information (PII) of its employees, former employees, and third-party contractors.

The incident “may have involved access to your name, address, driver’s license number and/or government issued ID, Social Security number, date of birth and date of hire/termination and/or retirement,” the company told its employees.

Data that RailWorks stored on non-employees, and which might have been affected, includes names, addresses, Social Security numbers, dates of birth, and dates of hire/termination and/or retirement, the contractor said in a second data breach notification.

A third notification filed with California’s Office of the Attorney General covers potentially compromised data of impacted individuals’ minor children.

RailWorks says it has no indication that the personal information of the affected individuals or their minor children was misused, but offers free credit monitoring as a precautionary measure.

What the company hasn’t disclosed yet is the number of affected individuals and how the hackers gained access to its systems in the first place.