The freight shipping company Forward Air Corp. ultimately disclosed a data breach following a ransomware attack in December 2020.
In a filing with the U.S. Securities and Exchange Commission in February, Forward Air said it became aware of a ransomware incident affecting its operations and computer systems on December 15. The company launched an investigation and hired third-party contractors at the time, taking measures to assess, contain and remedy the incident.
This part is not new, as Forward Air first disclosed the attack in the same month. The company said in its fourth-quarter financial results that the ransomware attack cost it $7.5 million in lost revenue. Although the company has never disclosed the form of the ransomware attack, it is believed to have involved the Hades ransomware from cybercrime group Evil Corp.
Fast forward to September, and Forward Air has now finally revealed that data was stolen during the ransomware attack. In an employee data breach notification reported today by Bleeping Computer, the company said it has determined that certain data, including personal information, was potentially viewed or taken by an unknown actor.
Stolen data includes employee names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport numbers and bank account numbers.
While noting that it has no evidence that the data was misused, the company is offering potentially affected employees free credit monitoring services.
“This incident proves once again that you don’t have to be an organization with top secret data or intellectual property to be the target of a cyber attack,” Chris Clements, vice president of solutions architecture at cybersecurity firm Cerberus Cyber Sentinel Corp., told SiliconANGLE. “Ransomware has made cybercriminals much more opportunistic with their attacks, targeting any organization they are able to break into.”
Clements explained that he thinks a big part of the problem is that organizations not only think they won’t be a target, but also ignore how long business can be interrupted by a cyberattack.
“Cyber security insurance, even when paid for, cannot repair damaged relationships with customers or suppliers if you cannot provide the service,” added Clements. “Time-limited credit monitoring also cannot fully protect employees or customers from fraud or identity theft if their personal information is stolen.”
Nick Sanna, CEO of cyber risk management firm RiskLens Inc., noted that there is pressure on CIOs to justify the right investments in cybersecurity. A professional audience will only support them if they understand the financial impact of ransomware attacks on their organization.
“Quantifying cyber risk in financial terms is key to getting the right buy-in and the right level of protection against this increasingly prevalent threat,” Sanna said.