Watch Now

Ransomware attack on EDI provider highlights cyber risks in supply chain

Faxinating Solutions says no evidence hackers breached electronic data interchange operations

EDI systems are an essential part of how data gets transmitted in the supply chain. (Photo: Jojje/Shutterstock)

A ransomware attack has targeted an electronic data interchange (EDI) provider that works with some of the largest shippers in North America and IBM’s supply chain network. The incident highlights the potential vulnerabilities of the most widely used type of technology that businesses use to communicate information about freight.

The CEO and owner of Canada-based Faxinating Solutions, Steve Hatajlo, disclosed the attack to FreightWaves after the Conti ransomware gang posted 15 files to a leak site last week. Hatajlo said company personnel detected the attack on March 3, and there has been no indication that the hackers breached any systems involving EDI operations.

“For now, we’re not seeing any evidence that the hackers breached the production environment,” Hatajlo said, referring to EDI systems the company runs for its customers. The Quebec company has about 1,200 direct customers, but Hatajlo estimated that about 20,000 companies use its systems. 

Faxinating Solutions is working with outside experts to assist in the response to the hack and the investigation and has also reported the attack to authorities including the federal government’s Canadian Centre for Cyber Security and law enforcement, Hatajlo said, adding that the company also notified its customers.

Partners include Walmart, Costco and Loblaws

While small and relatively obscure, Faxinating Solutions has an outsized presence in the supply chain. It works with some of the largest shippers in North America, including Walmart, Costco and Loblaws, one of the largest grocery chains in Canada, which is owned by the country’s largest food distributor, Loblaw Companies.

“It’s very troubling,” said Gary Newbury, a Toronto-based expert in supply chain management in the food-service sector. .

The development of EDIs dates back to the 1960s, and they have evolved considerably since then. At their core, EDIs provide standardized communications platforms for businesses to conduct transactions with one another.  

Trucking companies working with Loblaw can receive their load tenders and transmit invoices through a portal developed by Faxinating, according to a case study on the EDI provider’s website.

Loblaw Companies did not respond to FreightWaves’ request for comment. 

Faxinating is also a partner with IBM, which offers an optional document conversion service via Faxinating for customers of its Supply Chain Business Network. An IBM spokesperson did not respond to a request for comment.  

While there is no indication that the EDI systems were compromised and the amount of data initially leaked by the hackers is small, the scale of ransomware attacks and data breaches are not often immediately clear. Furthermore, attacks are frequently used to stage other attacks. 

Brett Callow, a threat analyst with cybersecurity software firm Emsisoft, said companies that manage IT services represent prime targets for hackers. 

“Lots of breaches involved managed service providers,” Callow said. “Those breaches tend to lead to other attacks.”

Ransomware attack not an EDI issue, CEO says

Hatajlo, Faxinating’s CEO, while he stressed that the attack remains under investigation, said that it shouldn’t shake anyone’s faith in the company EDI services. He noted that the attack itself came via a sophisticated phishing email from a trusted customer. 

“This is not an issue with EDIs,” he said. 

While EDIs have been in use for decades, they have also evolved with the times. Hataljo said his company’s are highly secure and use an AS2 standard, which includes encryption and digital certificates. 

“We’re not a traditional EDI company,” he said.

Nevertheless, there is precedent for hackers leveraging an attack on an EDI provider to get to its customers. An attack on an EDI provider in 2018 impacted at least four U.S. pipeline companies, according to Bloomberg.  

Hatajlo said while it appears that hackers only breached a small segment of his company’s systems and that EDI operations were not impacted, security measures are being redoubled.

“It’s humbling,” he said.

Click for more FreightWaves articles by Nate Tabak

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at [email protected]