UPDATE: TQL says data breach was not malware or ransomware attack

Read FreightWaves’ breaking news article regarding the TQL data breach here.

Total Quality Logistics (TQL) says it will continue to work with an expert cybersecurity firm to find out how external hackers breached its IT systems and gained access to some carriers’ sensitive business information.

Tom Millikin, corporate communications manager of TQL, told FreightWaves the data breach was not a malware or ransomware attack.

While some affected carriers weren’t notified until early Thursday, Millikin said TQL first confirmed the data breach on Feb. 23.

“Our internal response to this incident was swift,” he told FreightWaves in a statement. “We’ve been working diligently to assess the scope of the data breach and determine who may have been impacted. As soon as we knew the precise data involved, we identified the required resources and shared that information with carriers and customers.”

Millikin said he isn’t sure of the exact number of carriers who may have been affected by the security breach in its IT system, but is working with law enforcement and a cybersecurity firm to identify which carriers and customers may be impacted.

“We can’t confirm a specific number as that could compromise the investigation,” Millikin told FreightWaves.

TQL is “proactively contacting all customers and carriers to make them aware of this breach, and we’ve provided them with information on immediate steps they can take to protect their accounts and identities,” the logistics company said in a statement late Thursday.

Carriers were notified early on Feb. 27 that external hackers had breached TQL’s IT systems and may have gained access to some carriers’ “tax ID number, bank account numbers and invoice information, including amounts and dates,” according to an email sent to carriers by Kerry Bryne, president of TQL. 

“Fortunately, we can confirm our systems have been thoroughly vetted and we can tell you any vulnerabilities that were attacked have been repaired,” TQL said in a statement later Thursday. “Our systems were put through vigorous penetration testing by our IT teams and we continue to work with an expert cybersecurity firm to ensure there are no additional vulnerabilities.”

TQL has set up several ways for carriers to find out more information about the data breach and urges those with questions to visit www.tql.com/carrierhotline or call its dedicated hotline at 800-822-5980.

Carriers notified by email were among those that had some of their sensitive business information compromised, TQL said.

For now, TQL said less than 20 carriers have been identified “where ACH payment theft may have occurred.”

TQL confirmed that “they are being contacted and their account will be updated to reflect any unpaid invoices. We are asking all carriers to assume their bank account and tax ID information was at risk at some point and take additional steps as a precaution.”

TQL is recommending carriers take extra security measures and contact their bank or financial institution and notify them that their information may have been compromised, specifically bank account, routing and tax ID numbers.

TQL also recommends that carriers place a fraud alert on their credit files. 

“We are still gathering details, but it appears it was initially an information/data phishing attempt,” according to Byrne’s email. “Our IT security teams identified the issue quickly and countered immediately to secure all online information. We’re confident any access the hackers had to TQL’s systems has since been blocked.”

According to TQL’s website, it works with a network of more than 85,000 carriers and moves more than 1.8 million loads of freight each year. TQL is headquartered in Cincinnati, Ohio.

“We have taken immediate steps to close security gaps in our systems,” Bryne said.

This is a developing story

Read more articles by FreightWaves’ Clarissa Hawes