Watch Now

Forward Air likely hit in cyberattack, experts say

Analyst: Incident ‘consistent with a ransomware attack”

Forward Air says it is investigating an "IT security incident." (Photo: Jim Allen/FreightWaves)

An “IT security incident” at Tennessee-based transportation and logistics firm Forward Air Corp. (NASDAQ:FWRD) likely resulted from a cyberattack, possibly one involving ransomware, experts told FreightWaves. 

While the company has disclosed little publicly and did not respond to FreightWaves’ questions about the incident, the incident has the hallmarks of a cyberattack: the company’s nebulous acknowledgment of an “IT security incident,” emails bouncing, engagement with outside experts, and the extended outage of its website and other systems.

“This would certainly appear to be consistent with a ransomware attack,” Brett Callow, a threat analyst with software firm Emsisoft who closely follows such attacks, told FreightWaves. 

David Jarmon, a vice president at cybersecurity firm Gray Analytics and former Department of Defense official, said the limited information provided by the company suggests it was “targeted in a cyberattack, likely involving malware infecting its systems, which brings ransomware into consideration.” 

The perpetrators of ransomware attacks seek to extort money from their victims by denying them access to their data, and increasingly stealing and threatening to publish it unless the victims pay them. In recent months, ransomware gangs have targeted multiple trucking and logistics companies and other firms serving the supply chain, most recently dedicated contract carrier Cardinal Logistics.  

Forward Air brings in outside experts to help investigate

According to a statement from Forward, the company first detected an “IT security incident” on Tuesday. 

“Per our information security protocols, we immediately took our systems offline and engaged several third-party experts to assist us in conducting an internal investigation,” Forward said in a statement Wednesday sent to FreightWaves and posted to its website. “Our IT team is working diligently to restore the affected systems and services and bring them back online as soon as possible.” 

Ransomware attacks have proliferated because they can be extremely lucrative for hackers, who sometimes demand sums in the millions of dollars to return access to victims’ data, and a promise not to publish stolen files. 

Companies that refuse to pay can sometimes see massive, sensitive company data posted to the dark web in retaliation. Trucking and logistics firms that have seen their data posted have included Cardinal Logistics, Daseke, TFI International and Manitoulin Transport.

A Forward Air spokesperson did not respond to questions from FreightWaves about its security issue, and specifically whether it had been the victim of a ransomware attack. The Tennessee Bureau of Investigation, which investigates cybercrime in the state, also not did not respond to an email from FreightWaves.

If you have a story to share, please send an email here. Your name or information will not be used without your permission.

Click for more FreightWaves articles by Nate Tabak

When ransomware attacks hit, companies choose between pay and pain

Hackers leak data from trucking firm Cardinal Logistics

Canadian fuel distributor Parkland targeted in cyberattack

F3: Future of Freight Festival


The second annual F3: Future of Freight Festival will be held in Chattanooga, “The Scenic City,” this November. F3 combines innovation and entertainment — featuring live demos, industry experts discussing freight market trends for 2024, afternoon networking events, and Grammy Award-winning musicians performing in the evenings amidst the cool Appalachian fall weather.


  1. John Nazars

    Might have been part of that Russian Cyber attack. Forward air is a massive supply chain company and they could certainly be a target of hostile foreign governments.

Comments are closed.

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at [email protected].