Ransomware attack on EDI provider highlights cyber risks in supply chain

A ransomware attack has targeted an electronic data interchange (EDI) provider that works with some of the largest shippers in North America and IBM’s supply chain network. The incident highlights the potential vulnerabilities of the most widely used type of technology that businesses use to communicate information about freight.

The CEO and owner of Canada-based Faxinating Solutions, Steve Hatajlo, disclosed the attack to FreightWaves after the Conti ransomware gang posted 15 files to a leak site last week. Hatajlo said company personnel detected the attack on March 3, and there has been no indication that the hackers breached any systems involving EDI operations.

“For now, we’re not seeing any evidence that the hackers breached the production environment,” Hatajlo said, referring to EDI systems the company runs for its customers. The Quebec company has about 1,200 direct customers, but Hatajlo estimated that about 20,000 companies use its systems. 

Faxinating Solutions is working with outside experts to assist in the response to the hack and the investigation and has also reported the attack to authorities including the federal government’s Canadian Centre for Cyber Security and law enforcement, Hatajlo said, adding that the company also notified its customers.

Partners include Walmart, Costco and Loblaws

While small and relatively obscure, Faxinating Solutions has an outsized presence in the supply chain. It works with some of the largest shippers in North America, including Walmart, Costco and Loblaws, one of the largest grocery chains in Canada, which is owned by the country’s largest food distributor, Loblaw Companies.