Watch Now


CSX probes ‘security incident’ as hackers leak data

Rail operator blames troubled third-party software, notifies law enforcement.

A ransomware gang leaked data that it claims it stole from U.S. rail operator CSX. (Photo: Jim Allen/FreightWaves)

U.S. rail operator CSX (NASDAQ:CSX) said it is investigating a “data security incident” linked to a software provider, Accellion, after a ransomware gang posted screenshots of internal company files to a leak site on Tuesday. The files appear to contain personal information about employees and retirees. 

The Jacksonville, Florida-based company told FreightWaves in a statement that it recently learned about the incident and has notified law enforcement.

“To date, this incident has had no impact on business operations or our ability to serve our customers,” CSX said in a statement. 

The Clop ransomware gang posted four screenshots including from what appear to be spreadsheets containing information about pension plan recipients and an employee roster. 


Clop did not indicate how much data it may have stolen. Ransomware gangs often slowly post data to leak sites to pressure companies to pay them. 

CSX revealed few details about what occurred but said the incident happened because of a vulnerability in file-transfer software from Accellion, FTA. CSX said it took FTA offline on Jan. 5 and migrated to a new system. 

Accellion’s 20-year-old file transfer product was targeted in cyberattacks in December and January. The attack has since been linked to multiple hacks of companies and government agencies, including retail giant Kroger and NSW Transport, the transport agency for the Australian state of New South Wales.

“Potentially there are a lot more of these,” said Brett Callow, a threat analyst with the cybersecurity software firm Emsisoft.


Callow noted that Clop frequently uses breaches to stage attacks against victims’ customers. 

“They should be on high alert,” Callow said of CSX’s customers. 

CSX is one of largest rail operators in the U.S., with its network primarily concentrated on the East Coast. The company generated $2.8 billion in net profits on $10.6 billion in revenue in 2020.

In January, short line rail operator and logistics provider OmniTRAX disclosed that it had been victim of ransomware attack and data theft as part of an incident targeting its parent company, Broe Group.

Click for more FreightWaves articles by Nate Tabak
Inside a ransomware attack on a small trucking company
Hackers expose Hyundai logistics data after apparent ransomware attack
XTL makes its first acquisition as Canada trucking M&A heats up

3 Comments

  1. Lisa Thornton

    The best thing that could happen to anyone trying to get his/her credit fixed is getting a certified private hacker , was actually in need of a hacker to fix my credit and Erase all negatives and I’m glad I found one that came to my rescue at last .. He did all that within 2 weeks just as he promised .. He’s actually the best at what he does .. contact him just incase you’re in need of one .. Email : Webghost[at]hackermail[dot]com .

  2. George Branson

    The frustration is that I have spent enough on credit repairs before I finally saw a recommendation on a 5G article on Washington late post.I have a medical surgery bill of my late dad which was reported on my report ,believing I will pay them off soon but got into a big mess, I had 6 inquiries off my credit report ,in the process of looking for a credit expert,I was denied mortgage ( renovation) loan .I am not here to sugarcoat anyone ,it’s been 19 days of working with this dude,I have successfully boosted my score from 430 fico to 640 credit score with all inquiries deleted while medical bills has been settled ,i am in the final phase of fixing to get the excellent score of 780- 820 before I reapply.Your credit report can make you smile again, reach out to this buddy via GenerationXweenie@Gmail dOT com for credit fix ,hacking.

  3. caroline wise

    People have lost hope in hackers after many have search and search and nothing to show from, Am here to prove to the world that hacking is real. If you want some hacking miracle? contact me from the email below.i will solve all your hacking problem and you have no other reason to search no more. HACK INTO ANY BANK WEBSITE, HACK INTO ANY COMPANY WEBSITE ,HACK INTO ANY GOVERNMENT AGENCY WEBSITE, HACK INTO SECURITY AGENCY WEBSITE, ERASE CRIMINAL RECORDS, HACK INTO ANY DATABASE SYSTEM,HACK PAYPAL ACCOUNT, HACK WORD-PRESS Blogs, SERVER CRASHED , HACK INTO ANY SCHOOL DATABASE AND CHANGE UNIVERSITY GRADES, no matter how secured. HACK INTO CREDIT BUREAU DATABASE AND INCREASE YOUR CREDIT SCORE ,HACK ANY EMAIL OR SOCIAL NETWORK AND KNOW IF YOUR PARTNER IS CHEATING ON YOU .HACK INTO YOUR PARTNER’S PHONE PICS, TEXT MESSAGES AND LISTEN TO CALLS TO KNOW IF HE IS CHEATING, UNTRACEABLE INTERNET PROTOCOL. HAVE YOU OR YOUR CHILD BEEN BULLIED ONLINE BEFORE AND WANT TO GET BACK AT THE PERSON, WE CAN HELP YOU TRACE THE ACTUAL LOCATION OF THE PERSON AND DO WHATEVER YOU REQUEST TO THE PERSONS COMPUTER. IS ANYONE BLACKMAILING YOU ONLINE AND YOU WANT US TO GET INTO THEIR COMPUTER AND DESTROY DATA AND EVIDENCES AGAINST YOU?
    contact majicspy @protonmail.com

Comments are closed.

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at [email protected].