[BreachExchange] Cincinnati Firm Faces $5m Data Breach Lawsuit
Destry Winant
destry at riskbasedsecurity.com
Thu Mar 26 10:29:19 EDT 2020
https://www.infosecurity-magazine.com/news/cincinnati-firm-faces-5m-data/
A Cincinnati freight brokerage company is facing a $5m lawsuit over a
data breach that occurred last month.
Computer systems at Total Quality Logistics (TQL) were compromised in
a cyber-attack that took place on February 23. Customer and carrier
information was exposed after threat actors breached the company's
online web portal.
Carrier data compromised in the attack included tax ID numbers, bank
account numbers, and in some cases Social Security numbers. Breached
customer data included email addresses, phone numbers, first and last
names, and TQL customer ID numbers.
Now TQL is being sued by an unnamed trucking company owned by Charles
Newman of Milwaukee County, Wisconsin. A complaint filed in the US
District Court for the Southern District of Ohio alleges that TQL
failed to "implement and maintain reasonable security measures over
personally identifiable information."
The plaintiff accuses TQL of negligence and claims that the
consequences of the data breach were dire and far-reaching.
"Had TQL taken the well-known risk of cyber-intrusion seriously and
adequately tested, audited and invested in its IT systems, and
adequately trained its staff," the lawsuit states, "the data breach
would never have occurred."
The complaint alleges that as a result of the breach, hackers have
accessed, "and in a growing number of cases" have used, compromised
data to conduct fraudulent transactions. According to the lawsuit,
"the full scope of the harm has yet to be realized."
Newman, who is represented by The Kerger Law Firm in Toledo, Ohio, is
seeking to have the complaint certified as a class action, which would
allow other motor carriers to join the lawsuit.
TQL is one of America's largest privately owned freight brokerage
firms, moving over 1.8 million loads of freight across the US and
Canada each year. The company has 57 sales offices and a vast network
of over 85,000 carriers.
Four days after the breach occurred, TQL president Kerry Byrne sent a
breach notification email out to carriers, including Newman.
According to Byrne's email, the attackers may have gained access to
TQL's data via an "information/data phishing attempt."
TQL advised carriers to check whether their bank accounts had been
compromised and recommended that each carrier take extra security
measures, including setting up a fraud alert on their credit files.
More information about the BreachExchange
mailing list