Pierluigi Paganini February 29, 2020

RailWorks Corporation, one of the leading railroad track and transit system providers in North America, disclosed a ransomware attack.

RailWorks Corporation, one of the leading providers of rail infrastructure solutions in North America, disclosed a ransomware attack. The security breach may have also exposed personally identifiable information (i.e. Government-issued IDs, Social Security numbers, dates of birth, dates of hire/termination and/or retirement) for current and former employees, their beneficiaries and dependents, and contractors.

“As you know, RailWorks was the victim of a sophisticated cyberattack in which an unauthorized third party encrypted its servers and systems, which may have involved access to your name, address, driver’s license number and/or government issued ID, Social Security number, date of birth and date of hire/termination and/or retirement.” reads the data breach notice issued by the company.

RailWorks was established in 1998, it provides infrastructure construction services in the United States and Canada. The company constructs, installs, and maintains transit and crossing warning systems, tracks, HBDs, switch heaters, and fiber optic cables.

RailWorks has over 3,500 employees, 45 offices in the United States and Canada.

According to the data breach notice send sent by email to the affected individuals, the attack took place on January 30 and February 7.

RailWorks filed with California’s Office of the Attorney General, it confirmed that was the victim of a sophisticated cyberattack in which an unauthorized third party encrypted its servers and systems.

The company confirmed that it is not aware of abuses of the exposed personal information, it also announced that it is taking precautionary measures to help you protect the financial security of the impacted individuals by providing them with access to free credit monitoring for twelve months through Identity Guard Total.

The organization did not disclose details about the attack, such as the family of ransomware that infected its systems.

“We are committed to helping those who may have been impacted by this unfortunate situation,” continues the notice. “That’s why we are providing you with access to free credit monitoring for twelve (12) months through Identity Guard Total.”

“Identity Guard Total provides essential monitoring and protection of not only credit data, but also monitors the Dark Web and alerts you if your Social Security number, credit cards, and bank account numbers are found in unsecure online locations.”

RailWorks also set up a dedicated call center at 1-866-977-1068 for questions and concerns.

This case is singular because the company notified a data breach following a ransomware attack, it the past months, many companies that were victims of similar attacks did not disclose the breach and in some cases, stolen data were leaked online because the did not pay the ransom.

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]