Watch Now

Hackers leak data from trucking firm Cardinal Logistics

Ransomware gang posts internal company documents stolen from dedicated carrier

North Carolina-based Cardinal Logistics Management specializes in dedicated trucking services. (Photo: Jim Allen/FreightWaves)

A ransomware gang has posted data stolen from Cardinal Logistics Management, a North Carolina trucking and logistics firm with a fleet of over 3,100 power units specializing in dedicated transportation services.

Cardinal Logistics would not confirm to FreightWaves that it had been targeted in a ransomware attack, calling the incident a “data event.” Private equity firm H.I.G. Capital, Cardinal’s owner since 2019, did not respond to a request for comment.

The data leak appeared on REvil hacking group’s blog on the dark web on Wednesday. The gang claimed its posting amounted to 1% of 700 gigabytes of data including “Financial documents, contracts, NDA, and employee data.” A portion released appears to contain thousands of files, including documents detailing the company’s finances, performance, customer relationships and extensive information about employees. 

Ransomware gangs like REvil generally begin leaking data publicly after their victims refuse to pay ransom demands, which can sometimes run in the millions of dollars. The U.S. government and many security experts advise companies to refuse to pay.

Cardinal Logistics did not address a series of questions about the data leak and apparent ransomware attack, including whether it impacted its trucking operations. The company specializes in providing dedicated contract trucking services across multiple sectors, including health care. 

“Cardinal Logistics Management Corporation was recently effected [sic] by a data event, which based on information currently available resulted in less than 1% of Cardinal’s data being impacted,” the company said in a statement to FreightWaves. “We continue to investigate this matter.” 

Transportation and logistics firms ‘disproportionately affected’ by ransomware attacks

Brett Callow, a threat analyst with Emsisoft who closely monitors ransomware attacks, said groups like REvil generally steal more data than they initially publish, while companies themselves often don’t know the extent of the breach until a forensic examination is completed. 

“I have never known a case where a ransomware group has completely bluffed,” Callow said.

Cardinal is just the latest in a growing number of companies in the supply chain  targeted by ransomware gangs that infiltrate company systems, steal and encrypt data, and then extort the victims.

“Logistics companies do seem to be getting disproportionately affected by ransomware,” Callow said.

Another ransomware gang, Clop, recently posted data from Canadian fuel supplier Parkland Fuel Corp. and Allstate Peterbilt Group, a major Peterbilt truck dealership group based in Minnesota.

Since the summer, hackers have targeted an array of companies serving the global supply chain. The victims include Daseke, Manitoulin Transport, TFI International and CMA CGM.

Click for more FreightWaves articles by Nate Tabak

FedEx, partner win $70M Canada COVID-19 vaccine logistics contract

Canadian trucking company’s shutdown gets happy-ish ending

Manitoulin acquires third US freight forwarder

F3: Future of Freight Festival


The second annual F3: Future of Freight Festival will be held in Chattanooga, “The Scenic City,” this November. F3 combines innovation and entertainment — featuring live demos, industry experts discussing freight market trends for 2024, afternoon networking events, and Grammy Award-winning musicians performing in the evenings amidst the cool Appalachian fall weather.

One Comment

  1. Former driver now law student

    I have a friend that works for this company, and his information was leaked. They sent him an email yesterday telling him and stating that they will send him another email later this week to sign up for credit protection. This company is bad. I can tell you they are losing business and running off employees. Breaking DOT rules and going back on verbal contracts they have with drivers. I hope this group gets millions from this company because they deserve to get back what they dish out.

Comments are closed.

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at [email protected].