Forward Air, a shipping company, has revealed a data breach as a result of a ransomware attack that enabled threat actors to acquire employees' personal information.
Forward Air was hit by a ransomware attack in December 2020 by what was thought to be a new cybercrime group known as Hades. Forward Air's network was shut down as a result of the attack, causing business disruption and leaving the company unable to release freight for transport.
Forward Air stated in an SEC filing that it lost $7.5 million of less than load (LTL) freight revenue, mainly because the company needed to temporarily suspend its electronic data interfaces with its clients.
Researchers later discovered that this attack was most likely carried out by members of the Evil Corp cybercrime group, who frequently operate under different ransomware names, such as Hades, to evade US sanctions.
Multiple Forward Air workers contacted BleepingComputer at the time, concerned that the attack had exposed their personal information.
As part of the attack, the threat actors created a Twitter account that they said would be used to leak Forward Air data. However, no data was ever found to have been released by the threat actors.
After almost a year, Forward Air has revealed that the ransomware attack exposed the data of current and former employees.
A data breach notification sent to Forward Air employees stated, "On December 15, 2020, Forward Air learned of suspicious activity occurring within certain company computer systems. Forward Air immediately launched an investigation to determine the nature and scope of the incident."
"The investigation determined that certain Forward Air systems were accessible in November and early December 2020 and that certain data, which may have included your personal information, was potentially viewed or taken by an unknown actor."
Employee names, addresses, dates of birth, Social Security numbers, driver's licence numbers, passport numbers, and bank account numbers are among the data that the Evil Corp threat actors may have obtained.
While Forward Air says there is no evidence that the data was misused, it is providing impacted individuals with a complimentary one-year membership to the myTrueIdentity credit monitoring service.
Since there is no way to tell whether a threat actor has used stolen data, even if they promise not to after receiving a ransom payment, all impacted workers should presume that their data has been compromised.
This means that individuals should monitor their credit reports, bank records, and other financial information.