- The names and Social Security numbers of more than 21,000 people were exposed in the cyberattack on Estes Express Lines, the carrier disclosed in a data breach notice in Maine.
- An unauthorized threat actor deployed ransomware after accessing part of the company’s IT network, but the carrier did not pay the ransom, President and COO Webb Estes said in a letter last month to those affected.
- Estes is not aware of any identity theft or fraud stemming from the incident, but it has hired risk management firm Kroll to provide 12 months of credit monitoring services at no cost to those affected. The carrier discovered the hack five days after it occurred, according to the data breach notice.
Estes took pains to be transparent with customers, employees and the public about the cyberattack that hobbled its operations for weeks in October.
But the notice and letter shed more light on previously undisclosed details, including the exposure of personal information and the involvement of ransomware.
“Unfortunately the forensics investigation determined that the unauthorized threat actor accessed and extracted some data from the impacted system,” the company president wrote in the letter to those affected.
The forensic investigator provided a report on Nov. 7 revealing the personal information “that may have been involved,” Estes said. Maine residents were notified in a Dec. 5 letter.
“We have filed security breach reports with a number of state attorneys general, including the Maine Attorney General [outlining] what happened and what we are doing to take action,” the company told Trucking Dive in an emailed statement. “We have taken actions to mitigate the incident, as more fully described in our reports.”
The Kroll services available to those affected include credit monitoring, Web Watcher, Public Persona, Quick Cash Scan, $1 million in identity fraud loss reimbursement, fraud consultation and identity theft restoration.
“Protecting your information is important to us,” Webb Estes wrote in his letter to those affected. “We trust that the services we are offering to you demonstrate our continued commitment to your security and satisfaction.”