• ITVI.USA
    15,299.350
    -21.430
    -0.1%
  • OTRI.USA
    25.450
    -0.420
    -1.6%
  • OTVI.USA
    15,283.310
    -26.860
    -0.2%
  • TLT.USA
    2.670
    0.020
    0.8%
  • TSTOPVRPM.PHLCHI
    2.160
    -0.030
    -1.4%
  • TSTOPVRPM.DALLAX
    1.440
    0.000
    0%
  • TSTOPVRPM.CHIATL
    3.160
    -0.090
    -2.8%
  • TSTOPVRPM.ATLPHL
    2.900
    -0.030
    -1%
  • TSTOPVRPM.LAXSEA
    3.400
    -0.020
    -0.6%
  • TSTOPVRPM.LAXDAL
    2.820
    -0.010
    -0.4%
  • WAIT.USA
    125.000
    -1.000
    -0.8%
  • ITVI.USA
    15,299.350
    -21.430
    -0.1%
  • OTRI.USA
    25.450
    -0.420
    -1.6%
  • OTVI.USA
    15,283.310
    -26.860
    -0.2%
  • TLT.USA
    2.670
    0.020
    0.8%
  • TSTOPVRPM.PHLCHI
    2.160
    -0.030
    -1.4%
  • TSTOPVRPM.DALLAX
    1.440
    0.000
    0%
  • TSTOPVRPM.CHIATL
    3.160
    -0.090
    -2.8%
  • TSTOPVRPM.ATLPHL
    2.900
    -0.030
    -1%
  • TSTOPVRPM.LAXSEA
    3.400
    -0.020
    -0.6%
  • TSTOPVRPM.LAXDAL
    2.820
    -0.010
    -0.4%
  • WAIT.USA
    125.000
    -1.000
    -0.8%
BusinessCybersecurityNewsRailTechnologyTop Stories

CSX probes ‘security incident’ as hackers leak data

Rail operator blames troubled third-party software, notifies law enforcement.

U.S. rail operator CSX (NASDAQ:CSX) said it is investigating a “data security incident” linked to a software provider, Accellion, after a ransomware gang posted screenshots of internal company files to a leak site on Tuesday. The files appear to contain personal information about employees and retirees. 

The Jacksonville, Florida-based company told FreightWaves in a statement that it recently learned about the incident and has notified law enforcement.

“To date, this incident has had no impact on business operations or our ability to serve our customers,” CSX said in a statement. 

The Clop ransomware gang posted four screenshots including from what appear to be spreadsheets containing information about pension plan recipients and an employee roster. 

Clop did not indicate how much data it may have stolen. Ransomware gangs often slowly post data to leak sites to pressure companies to pay them. 

CSX revealed few details about what occurred but said the incident happened because of a vulnerability in file-transfer software from Accellion, FTA. CSX said it took FTA offline on Jan. 5 and migrated to a new system. 

Accellion’s 20-year-old file transfer product was targeted in cyberattacks in December and January. The attack has since been linked to multiple hacks of companies and government agencies, including retail giant Kroger and NSW Transport, the transport agency for the Australian state of New South Wales.

“Potentially there are a lot more of these,” said Brett Callow, a threat analyst with the cybersecurity software firm Emsisoft.

Callow noted that Clop frequently uses breaches to stage attacks against victims’ customers. 

“They should be on high alert,” Callow said of CSX’s customers. 

CSX is one of largest rail operators in the U.S., with its network primarily concentrated on the East Coast. The company generated $2.8 billion in net profits on $10.6 billion in revenue in 2020.

In January, short line rail operator and logistics provider OmniTRAX disclosed that it had been victim of ransomware attack and data theft as part of an incident targeting its parent company, Broe Group.

Click for more FreightWaves articles by Nate Tabak
Inside a ransomware attack on a small trucking company
Hackers expose Hyundai logistics data after apparent ransomware attack
XTL makes its first acquisition as Canada trucking M&A heats up

Nate Tabak, Border and North America Correspondent

Nate Tabak is a Toronto-based investigative journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at ntabak@freightwaves.com.

One Comment

  1. Email: int.hackers002@gmail.com
    WhatsApp: +1(765) 705-0044
    -hack into any kind of phone
    _Increase Credit Scores
    _western union, bitcoin and money gram hacking
    _criminal records deletion_BLANK ATM/CREDIT CARDS
    _Hacking of phones(that of your spouse, boss, friends, and see whatever is being discussed behind your back)
    _Security system hacking…and so much more. Contact THEM now and get whatever you want at