One of America's biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that criminals may have stolen their personal information.
A month later, ransomware crew Lockbit took responsibility for the intrusion, and said it published the stolen data on November 13.
On New Year's Eve, Estes filed a data breach notification with the Maine Attorney General that provided some additional details about digital break-in, which it now says was indeed ransomware.
The shipper says it's cooperating with the FBI, and a subsequent forensics investigation determined that the criminals stole personal information, although the sample notification letter doesn't specify which data the miscreants accessed.
According to the Maine filing, it includes names or other personal identifier in combination with Social Security numbers, although the blank text in the letter indicates that the ransomware crew exfiltrated more than this.
Estes did not immediately respond to The Register's questions about the intrusion, including what data the crooks stole, how they initially accessed the company's network, how much money they demanded, and why company exes made the decision to not pay the ransom.
Caesars Entertainment reportedly paid a ransomware gang $15 million to decrypt its data and not leak its customers' info after a September intrusion, while fellow Las Vegas hotel and casino giant MGM Resorts said a similar attack cost it more than $100 million in losses after not paying up.
The US government advises organizations not to pay ransom demands, and some have called for a complete ban on extortion payments.
It will also provide affected individuals with 12 months of free identity monitoring from Kroll.
This Cyber News was published on go.theregister.com. Publication date: Wed, 03 Jan 2024 22:43:04 +0000