Shipping company Forward Air discloses data theft following ransomware attack

Freight shipping company Forward Air Corp. has finally disclosed a data breach following a ransomware attack in December 2020.

In a filing with the U.S. Securities and Exchange Commission in February, Forward Air said that it became aware of a ransomware incident affecting its operation and information technology systems on Dec. 15. The company launched an investigation and hired third-party contractors at the time, taking steps to assess, contain and remediate the incident.

That part isn’t new, since Forward Air first disclosed the attack the same month. The company said in its fourth-quarter financial results that the ransomware attack had cost it $7.5 million from lost revenue. Although the company never disclosed the form of ransomware attack, it’s believed to have involved the Hades ransomware from the Evil Corp cybercrime group.

Forward to September and now Forward Air has finally disclosed that data was stolen in the ransomware attack. In a data breach notification to employees reported today by Bleeping Computer, the company said that it had determined that certain data, including personal information, was potentially viewed or taken by an unknown actor.

The stolen data includes employees’ names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport numbers and bank account numbers.

While noting that it has no evidence that the data has been misused, the company is offering potentially affected employees free credit monitoring service protection.

“This incident once again proves that you don’t need to be an organization with top-secret data or intellectual property to be a target of a cyberattack,” Chris Clements, vice president of solutions architecture at cybersecurity company Cerberus Cyber Sentinel Corp., told SiliconANGLE. “Ransomware has allowed cybercriminals to become much more opportunistic with their attacks, targeting any organization they are able to break into.”

Clements explained that he thinks much of the problem is that organizations not only think they won’t be a target but also fail to account for just how long business can be interrupted by a cyberattack.

“Cybersecurity insurance, even when it does pay out, can’t repair damaged relationships with customers or vendors if you can’t deliver service,” Clements added. “Nor can limited-time credit monitoring fully protect employees or customers from being targets of fraud or identity theft if their personal information is stolen.”

Nick Sanna, chief executive officer of cyber risk management firm RiskLens Inc., noted that there is pressure on chief information security officers to justify the right investments in cybersecurity. A business audience will only support them if they understand the financial impact of ransomware attacks on their organization.

“Quantifying cyber risk in financial terms is key to get the right buy-in and level of protection against this increasingly prevalent threat,” Sanna said.

Photo: Forward Air