Alaska Railroad Corporation Suffers Cyber Attack Leading to Theft of Confidential Information
The transportation giant Alaska Railroad Corporation (ARRC) has recently fallen victim to a cyber attack resulting in the theft of sensitive and confidential information about the company’s employees and suppliers. As a critical infrastructure sector of the United States, transport systems require a high level of protection, which is a national security priority.
It is suspected that the attack took place on December 25th, 2022, but the incident was only reported in April 2023. According to the company statement, “a third-party gained unauthorized access” to ARRC’s internal systems.
ARRC confirmed that it discovered the breach on March 18th, 2023, and took immediate action to identify and contain the attack. The delay in reporting the incident was reportedly due to clarifying the details of the hacking during the investigation held by law enforcement agencies.
The data stolen included confidential information such as personal data of former employees, suppliers and their families, names, date of birth, social insurance numbers (SSN), driver’s license, other identification documents, identification numbers of taxpayers (TIN), and banking information. The attack also revealed extremely sensitive information such as medical insurance, the results of drug tests, work assessments, birth certificates, and marriage details.
The State of Maine’s Prosecutor General’s Office has reported that 7,413 people were affected by the cyber attack. ARRC is offering victims free credit monitoring and protection services to mitigate the damage caused by the theft of personal data.