back to article Freight giant Estes refuses to deliver ransom, says personal data opened and stolen

One of America's biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that criminals stole their personal information. "As you may be aware, on October 1, 2023, Estes discovered that an unauthorized threat actor had gained access to a portion of the company's IT network and deployed …

  1. trindflo Bronze badge

    Bravo to Estes for doing the right thing, but...why SS #s?

    why did you have social security numbers available online and unencrypted?

    I'm really curious why a shipper *needs* to have something as sensitive as social security numbers. I doubt there is a good reason to have them available in a form that can easily be exfiltrated, and I'm making an assumption they were unencrypted and not air-gapped.

    I'll say again, good on you for not feeding the monster.

    1. t245t Silver badge
      IT Angle

      Why have social security numbers online and unencrypted?

      @trindflo: “why did you have social security numbers available online and unencrypted?”

      a. Because they can't be bothered.

      b. Because they lack the technical skill

      c. Because there is no penalty for losing your records

      d. Because the underlying platform is unsuitable for online commerce.

    2. Doctor Syntax Silver badge

      Re: Bravo to Estes for doing the right thing, but...why SS #s?

      "I'm really curious why a shipper *needs* to have something as sensitive as social security numbers."

      Possibly employee/contract driver data was taken as well as customer data.

  2. Missing Semicolon Silver badge

    Ford Pinto strikes again

    "How much do these bozos want?"

    "'bout 5 mil"

    "How much is a year's credit monitoring for 20k people?

    "'bout 100k"

    "Tell 'em to swivel"

    And, as you can't tell which breach has emptied your bank account, you can't sue.

    There really need to be Company-ending fines for this kind of loss.

  3. PRR Silver badge

    > Estes filed a data breach notification with the Maine Attorney General

    For dog's sake, why MAINE?? Do we even have an internet breech notification law? (Some days much of Maine does not have even an internet....)

    I live here, and even _I_ don't know who is in the AG office now. (Ah, the last AG, little Janet, left big shoes to fill; and the new guy "..is currently being investigated by his own party for a sexual relationship with a married direct subordinate... yada etc...".)

    Estes is the largest family-operated (not stockholder) trucking operation in the US, and in their field are utterly organized and reliable. I depend on Estes to get big boxes from mid-continent to my neck of the coast. Database IT may be just outside the management's level of incompetence; blindered. They sure could hire it done right, like they do for architects, builders, and pension plans; they just have not had to before now.

    I don't want Estes to fail. <drift alert>I do have a gripe at Etsy, who allowed a fraudulent charge against my AmEx and could not find it. There are a LOT of reports about Etsy like this. ('Specilally after a recent buy-out.)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like