
Marten Transport discloses cyberattack, warns employee data could be at risk

Trucking company acknowledges incident in SEC filing days after ransomware gang claimed responsibility

Marten Transport said it detected the cyberattack on Oct. 3. (Photo: Jim Allen/FreightWaves)

Wisconsin-based trucking company Marten Transport has confirmed it was the victim of a cyberattack earlier in October and warned that employee data could have been compromised, according to a Securities and Exchange Commission filing on Wednesday.

Marten said in the filing that the company detected the attack on Oct. 3 and were accessed and encrypted as part of the incident. It came three days after a cybercriminal group posted a claim — which was quickly taken down — to the dark web alleging that it had targeted the firm in a ransomware attack and stolen more than 100 gigabytes of data.

Marten (NASDAQ:MRTN) did not make a reference to a ransomware attack in the filing. FreightWaves had previously contacted the company about the Hive cybercriminal group’s claim, but did not receive a response.

The company, which is continuing to investigate the attack, did not disclose in the SEC filing how much data had been stolen or how many employees could have been affected. 

“The investigation indicates that certain employee data may have been at risk during the event and, out of an abundance of caution, the company is offering its employees with credit monitoring and identity restoration services at no cost for two years,” Marten said in the filing.

The company said it does not expect its financial results to change materially because of the attack.

Company had disputed earlier reporting on attack, impacts

The SEC filing marked Marten’s first public acknowledgment of the attack, which FreightWaves previously reported. A company lawyer had disputed aspects of the report, writing “the cyberattack did not occur around 2:30 p.m. CDT on Sunday [Oct. 3]” and that the company’s operations system was not knocked out.

Sources said at the time that the attack had taken its operations system offline and that issues persisted for days.

Marten said in the filing that it was “able to restore full functionality to its information technology systems quickly with minimal disruptions to its operations.”

“While the investigation of the incident is ongoing, the company has implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology systems,” the company wrote.

The company said it had engaged security experts and notified law enforcement.

On Sunday, a ransomware gang called Hive made a post to its leak site on the dark web claiming responsibility for the attack. It also claimed to have stolen 114 gigabytes of data, which it threatened to post. The post, however, soon disappeared from Hive’s leak site without explanation.

Hive operates by attempting to extort victims by crippling systems through encrypting data. It demands ransom payments in exchange for a key to unlock the data and a promise not to leak any stolen files.

While Marten hasn’t acknowledged that it was the victim of a ransomware attack, companies often don’t refer to these incidents in specific terms – especially in SEC filings.

“SEC 8-K reports which use terminology such as ‘cybersecurity incident which resulted in the encryption of data’ are almost always referring to ransomware attacks,” Brett Callow, a threat analyst with cybersecurity firm Emsisoft, wrote in an email.


Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at [email protected].