This site is protected by reCAPTCHA and the Google
Terms of Service apply.
Alaska Railroad Corp. (ARRC) yesterday reported a cybersecurity incident occurred late last year when a third party gained unauthorized access to the company's internal data network.
On Dec. 25, 2022, the unauthorized user accessed and acquired personal information regarding ARRC vendors and current and former employees, including their dependents, ARRC officials said in a press release. The company's IT department discovered and contained the breach March 18.
The unauthorized user stole identifying information, including Social Security numbers, banking information, mailing addresses, email addresses and phone numbers, ARRC officials said. The information also could include driver's license or government-issued identification numbers, dates of birth, health insurance information, drug screening results, work evaluations and birth or marriage certificates.
ARRC is investigating the incident, but confirmed that the breach did not extend to a separate portion of the company's network that controls and contains data related to its passenger and freight operations. There is no indication that any riders' personal information was compromised, company officials said.
The railroad has put additional security measures in place to prevent a recurrence. ARRC notified those impacted and offered them free identity protection monitoring for two years.