Transportation (Includes Logistics, Shipping, Maritime, Rail, Trucking)
Yodel, a UK courier service, was hacked, forcing systems to shut down. Critical operating systems including delivery tracking, the customer service helpline and apps used by drivers were all affected, The Sun reports. Experts at the National Crime Agency were brought in to assist. Experts believed it was a ransomware attack but this has not been confirmed at this time.
A source close to Yodel told The Sun: "It's a complete disaster, the hack has affected every digital part of the business. Nobody is getting a parcel anytime soon."
May 14, 2020: Texas DOT Operations Affected by Ransomware Attack
A ransomware attack affected the Texas government as hackers got into the network of the state’s Department of Transportation (TxDOT).
TxDOT is responsible for air, road, and railway transportation across Texas.
TxDOT said that it detected the attack on May 14, after finding unauthorized access to the agency’s network. Further examination determined that the event was part of a ransomware incident. Immediate action was taken to isolate affected computers from the network and block further unauthorized access. It is unclear how many systems are impacted.
UPDATE: the ransomware used was later identified as RansomEXX.
October 29, 2022: Trains Stop for Danish Train Operator DSB
A breakdown of Denmark’s train network last weekend was the result of a hacker attack on an IT subcontractor’s software testing environment, Danish train operator DSB said.
“We were contacted by our subcontractor who told us that their testing environment had been compromised by criminal hackers,” DSB’s chief of security, Carsten Dam Sonderbo-Jacobsen, told public broadcaster DR.
“It hasn’t targeted infrastructure or DSB, it was economic crime,” Sonderbo-Jacobsen said in a Reuters report, adding it was not clear who was behind the attack, but that investigations were ongoing.
November 26, 2016: San Francisco Municipal Transportation Agency Hit by Ransomware
During the Thanksgiving weekend, the San Francisco Municipal Transportation Agency, sometimes called Muni or SFMTA, was the victim of a ransomware attack that affected internal computer systems including email and ticketing. It used backup data to restore most of the affected systems in the next few days, minimizing the attack's impact. The hacker's goal was to extort 100 bitcoins ($73,000) from the SFMTA for the release of its systems. SFMTA denied paying the ransom and restored its systems on its own. It reportedly lost up to $50,000 in uncollected fees by the time systems recovered from the attack.
June 27, 2017: FedEx TNT Global Operations Disrupted by NotPetya Attack
Operations of FedEx's TNT Express unit in Europe were disrupted by the attack and the company previously warned that the financial cost of the incident was likely to be significant. While no data breach or data loss occurred as a result of Petya, the company previously warned that it may not be able to recover all of the systems affected by the cyber attack. "Most TNT Express services resumed during the quarter and substantially all TNT Express critical operational systems have been restored. However, TNT Express volume, revenue and profit still remain below previous levels," the company said.
July 5, 2022: American Airlines Suffers Breach
American Airlines informed some of its customers Friday (September 16) about a security incident that occurred July 5 and resulted in a breach of personal information.
In July, the airline found that an attacker had compromised email accounts of airline workers via a phishing attack and was then able to pivot from there to get in and purloin personal information.
In a letter dated September 16, Russell Hubbard, deputy general counsel and chief privacy and data protection officer at American Airlines, said: “We are writing to inform you about a recent incident that involved some of your personal information.”
September 12, 2022: Uber Hit in Cyberattack
Uber, the ride-hailing and food delivery company, has suffered a systems breach, according to a report, with employees unable to access internal tools such as Slack. One employee resource page is said to have had a not-safe-for-work image posted to it by the hacker.
An official statement posted to Twitter said, "We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available."
Uber said the hacker behind the breach is affiliated with the Lapsus$ extortion group and that the group used the stolen credentials of an Uber EXT contractor in a multi-factor authentication (MFA) fatigue attack, in which the contractor was inundated with two-factor authentication login requests until one of them was accepted.
August 23, 2022: Business Critical Systems Disrupted at Largest Library Content, Software and Services Provider.
Baker & Taylor confirmed being hit by ransomware. The world's largest global distributor of books to libraries revealed that disruptions to its business-critical systems would persist through the week while technical teams work on restoring impacted servers. Currently, there is no information on what ransomware group or affiliate is behind the attack. Based on the company's statement that it's working on restoring affected servers, it's safe to say that Baker & Taylor will not pay the ransom demand, reports BleepingComputer.
Seattle-based logistics giant Expeditors International said it had shut down most of its operating systems in response to a cyberattack disclosed Sunday, raising fears of further stress on already fragile global supply chains, reported the WSJ. Speculation has focused on the possibility that hackers froze the systems for ransom, but Expeditors has not described the exact nature of the attack. In a statement, the freight-forwarding company said it currently has a “limited ability” to conduct operations, including arranging freight shipments and managing customs and distribution activities.
The company expects the cyberattack will have a material adverse impact on its business, revenues, expenses, results of operations, cash flows and reputation.
August 5, 2022: Supply Chain Cyberattack Closes Ontario Cannabis Retail Corporation (OCS) Warehouse for Days.
Ontario Cannabis Store (OCS) said on August 9 it still can’t fulfill or deliver new orders after a cyber incident at the U.S. parent company of its distribution partner, Domain Logistics. As a result of the incident OCS has had to close its warehouse. The OCS says there is “currently no indication that OCS systems or its customers’ information was targeted or compromised as a result of this attack.”
Legacy Supply Chain, the U.S. parent company of Domain Logistics, detected unusual activity on its network on August 5th. The IT network and a number of applications were taken offline, "impacting order processing for a small number of Legacy customers".