The devastating ransomware attack that hit Forward Air Corp. in December may have exposed sensitive personal information of current and former employees, according to data breach notices sent by the trucking giant.
The Tennessee-based firm sent letters to the attorney general offices in at least four states — California, Vermont, Montana and New Hampshire — on Sept. 24 as it began notifying the affected people. They warn that information including names, addresses, birthdates, and Social Security, driver’s license, bank account and passport numbers could have been “subject to unauthorized access” in November and early December.
The notices don’t explicitly refer to the December ransomware attack, which crippled Forward’s (NASDAQ:FWRD) systems and operations. But they state that the company uncovered the potential data exposure while investigating “suspicious activity” detected on its systems on or around Dec. 15 — the date that the company says it first became aware of the ransomware attack.
“At this time there is no indication that anyone’s information has been subject to actual or attempted misuse,” Forward Chief Information Officer Jay Tomasello wrote in a letter being sent to affected people, which also offers free credit monitoring for a year. “Nevertheless we are informing you because your information was stored on our systems.”
It’s unclear how many people may have been affected. But a letter sent to the office of the New Hampshire attorney general said it includes current and former employees.
Hackers frequently linger inside companies’ systems for extended periods before deploying ransomware. In many cases, they steal data as added leverage against their victims, threatening to post or sell it if they don’t pay.
Ransomware victims may never know full extent of data compromised
Determining if data was stolen in a ransomware attack generally involves a painstaking forensic investigation. In cases where the attackers have covered their tracks, making that determination can prove challenging or even impossible.
Complicating matters for ransomware attack victims: the varying disclosure requirements in each state and the risk of costly litigation brought on those affected by the data breaches.
Forward was attacked by a ransomware gang called Hades. Little was known about the group at the time, but the cybersecurity firm CrowdStrike subsequently concluded that Hades served as a front for the notorious Russia-based cybercriminal Evil Corp to evade U.S. sanctions.
A Forward Air spokesperson did not respond to FreightWaves’ requests for comment.
Read more
Supply Chain AI Symposium
Past the hype. Join operators, founders, and enterprise leaders figuring out how to deploy AI in supply chain.
F3: Future of Freight Festival
Industry-defining keynotes, rapid-fire technology demos, and industry leaders networking in experiences across Chattanooga - plus the inaugural F3 Awards Dinner featuring the FreightTech and Shipper of Choice reveals.
Past the hype. Join operators, founders, and enterprise leaders figuring out how to deploy AI in supply chain.
The Old Post • Chicago, IL Register NowIndustry-defining keynotes, rapid-fire technology demos, and industry leaders networking in experiences across Chattanooga - plus the inaugural F3 Awards Dinner featuring the FreightTech and Shipper of Choice reveals.
The Signal at Chattanooga Choo Choo • Chattanooga, TN Register Now