Forward Air ransomware attack may have exposed sensitive employee data
The devastating ransomware attack that hit Forward Air Corp. in December could have exposed sensitive personal information of current and former employees, according to data breach notices sent by the trucking giant.
The Tennessee-based company sent letters to attorney general offices in at least four states – California, Vermont, Montana and New Hampshire – on September 24 as it began to notify those affected. The letters warn that information, including names, addresses, dates of birth and Social Security, driver’s license, bank account and passport numbers, may have been subject to “unauthorized access” in November and early December.
The notices do not explicitly refer to the December ransomware attack, which crippled Forward’s (NASDAQ: FWRD) systems and operations. But they say the company discovered the potential data exposure while investigating “suspicious activity” detected on its systems on or around December 15 – the date the company said it was first notified of the ransomware attack.
“At this time, there is no indication that anyone’s information has been misused or attempted to be misused,” Jay Tomasello, chief information officer, wrote in a letter sent to affected people, which also offers free credit monitoring for one year. “Nevertheless, we are informing you because your information has been stored on our systems.”
It is not known how many people may have been affected. But a letter sent to the New Hampshire attorney general’s office said it included current and former employees.
Hackers frequently linger inside corporate systems for long periods of time before deploying ransomware. In many cases, they steal data as additional leverage against their victims, threatening to publish it or sell it if they don’t pay.
Ransomware victims may never know the full extent of compromised data
Determining whether data has been stolen in a ransomware attack usually involves a careful forensic investigation. In cases where attackers have covered their tracks, making this determination can be difficult, if not impossible.
Complicating matters for victims of ransomware attacks: the varying disclosure requirements in each state and the risk of costly litigation for those affected by data breaches.
Forward was attacked by a ransomware gang called Hades. Little was known about the group at the time, but cybersecurity firm CrowdStrike subsequently concluded that Hades served as a front for the notorious Russia-based cybercriminal group Evil Corp to evade U.S. sanctions.
A Forward Air spokesperson did not respond to FreightWaves’ requests for comment.
Click for more FreightWaves articles by Nate Tabak