SECURITY
SECURITY
SECURITY
Railroad firm Railworks hit by ransomware and employee data stolen
Railroad construction and maintenance firm Railworks Corp. has disclosed a ransomware attack that may have also resulted in the breach of personally identifiable information.
The attack took place on Jan. 27 and email notifications were sent to those affected by the attack between Jan. 30 and Feb. 7. Data potentially stolen in the attack included names, addresses, driver license numbers, government-issued IDs, Social Security numbers, dates of birth and other employee information. Those affected were employees, family members and independent contractors.
Details of how the attack took place are somewhat vague. Railworks said it involved a “sophisticated cyberattack in which an unauthorized third party encrypted its servers and systems.” No information was provided as to whether any Railwork projects or services were shut down or otherwise affected by the attack.
The company is offering those affected free credit monitoring services for 12 months, though it noted that it has no evidence thus far that the information that was stolen had been misused.
Railworks has 3,500 employees in 45 states across the U.S. and Canada and currently manages contracts worth $3 billion. Notable projects managed by the company included the New Orleans’ new streetcar line, the JFK Airport AirTrain upgrade and various other projects in New York. Potentially the number of people affected by the data breach, including contractors could be in the tens of thousands.
James McQuiggan, security awareness advocate at security awareness training firm KnowBe4 Inc., told SiliconANGLE that organizations take a high risk when they don’t implement proper security measures to protect their intellectual property, personal information or other sensitive information.
“In similar cases organizations provide free credit monitoring, which in turn requires the folks to provide the same sensitive information that was taken to a third party that will monitor their identity and social security numbers for only one year,” he said. “The money that organizations spend on monitoring services post-breach would have been better spent on educating and training their employees on social engineering scams or the folks responsible for securing infrastructure, applications or data.”
Photo: Railworks
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
