The devastating ransomware attack that hit Forward Air Corp. in December may have exposed sensitive personal information of current and former employees, according to data breach notices sent by the trucking giant.
The Tennessee-based firm sent letters to the attorney general offices in at least four states — California, Vermont, Montana and New Hampshire — on Sept. 24 as it began notifying the affected people. They warn that information including names, addresses, birthdates, and Social Security, driver’s license, bank account and passport numbers could have been “subject to unauthorized access” in November and early December.
The notices don’t explicitly refer to the December ransomware attack, which crippled Forward’s (NASDAQ:FWRD) systems and operations. But they state that the company uncovered the potential data exposure while investigating “suspicious activity” detected on its systems on or around Dec. 15 — the date that the company says it first became aware of the ransomware attack.
“At this time there is no indication that anyone’s information has been subject to actual or attempted misuse,” Forward Chief Information Officer Jay Tomasello wrote in a letter being sent to affected people, which also offers free credit monitoring for a year. “Nevertheless we are informing you because your information was stored on our systems.”
It’s unclear how many people may have been affected. But a letter sent to the office of the New Hampshire attorney general said it includes current and former employees.
Hackers frequently linger inside companies’ systems for extended periods before deploying ransomware. In many cases, they steal data as added leverage against their victims, threatening to post or sell it if they don’t pay.
Ransomware victims may never know full extent of data compromised
Determining if data was stolen in a ransomware attack generally involves a painstaking forensic investigation. In cases where the attackers have covered their tracks, making that determination can prove challenging or even impossible.
Complicating matters for ransomware attack victims: the varying disclosure requirements in each state and the risk of costly litigation brought on those affected by the data breaches.
Forward was attacked by a ransomware gang called Hades. Little was known about the group at the time, but the cybersecurity firm CrowdStrike subsequently concluded that Hades served as a front for the notorious Russia-based cybercriminal Evil Corp to evade U.S. sanctions.
A Forward Air spokesperson did not respond to FreightWaves’ requests for comment.
Read more
Freight Fraud Symposium
Double brokering. AI deepfakes. Identity theft. Freight fraud is an existential threat to the industry. Get ahead of it.
Supply Chain AI Symposium
Past the hype. Join operators, founders, and enterprise leaders figuring out how to deploy AI in supply chain.
Future of Rail Symposium
Reshoring is rewriting freight demand. Join shippers, rail executives, and government officials to shape the next decade.
Double brokering. AI deepfakes. Identity theft. Freight fraud is an existential threat to the industry. Get ahead of it.
Rock & Roll Hall of Fame • Cleveland, OH Register NowPast the hype. Join operators, founders, and enterprise leaders figuring out how to deploy AI in supply chain.
The Old Post Office • Chicago, IL Register NowReshoring is rewriting freight demand. Join shippers, rail executives, and government officials to shape the next decade.
The Signal at Chattanooga Choo Choo • Chattanooga, TN Register Now