Radiant Logistics, Inc. Announces Data Breach That May Have Stemmed from Ransomware Incident

Console and Associates, P.C.
Contact

On September 1, 2022, Radiant Logistics, Inc. reported a data breach with the Montana Attorney General after the company learned that an unauthorized party accessed and removed certain files from the company’s network. While the company did not publicly release the data types that were leaked as a result of the incident, under state reporting guidelines, a company only needs to report a breach if it involved consumers’ Social Security numbers, financial account information, and driver’s license numbers or state identification numbers. Thus, while it cannot be confirmed, it would appear that the Radiant Logistics breach involved one or more of these data types. After confirming the breach and identifying all affected parties, Radiant Logistics began sending out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Radiant Logistics data breach, please see our recent piece on the topic here.

What We Know About the Radiant Logistics Data Breach

The information about the Radiant Logistics, Inc. data breach comes from the Office of the Montana Attorney General. According to this source, on around December 6, 2021, Radian detected unusual activity within its computer network. In response, the company secured its servers and then enlisted the help of an outside cybersecurity firm to assist with the company’s investigation.

As a result of this investigation, the company confirmed that an unauthorized party had gained access to the Radiant Logistics computer network. The investigation also revealed that the files that were accessible to the unauthorized party contained sensitive consumer data.

Upon discovering that sensitive consumer information was accessible to an unauthorized party, Radiant Logistics began the process of reviewing all affected files to determine what data was compromised and which consumers were impacted by the incident. While the notice filed with the Montana AG does not outline the specific data types that were leaked, based on state reporting requirements, it is likely that the breach impacted one or more of the following:

  • Social Security numbers,

  • financial account information, or

  • driver’s license numbers or state identification numbers.

On September 1, 2022, Radiant Logistics sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Radiant Logistics, Inc.

Founded in 2005, Radiant Logistics, Inc. is a freight and logistics company based in Bellevue, Washington. The company provides logistics and supply chain services to customers in varying industries, including aviation and automotive, electronics and high tech, furniture and home furnishings, hospitality and gaming, humanitarian/NGO, industrial and farming, manufacturing and consumer goods, medical, healthcare, & pharmaceuticals, military and government, oil, gas, & energy, residential and white glove, retail, textiles, apparel, and accessories, sporting goods. Radiant Logistics, Inc. is publicly traded on the New York Stock Exchange under the ticker symbol “RLGT.” Radiant Logistics employs more than 656 people and generates approximately $1 billion in annual revenue.

What Caused the Radiant Logistics Data Breach?

The Radiant Logistics filing with the Montana Attorney General did not get into too much detail about the nature of the breach. However, back in December 2021, the company also filed a notice with the Security and Exchange Commission about a ransomware incident that the company learned of on December 8, 2021. So, while it cannot be confirmed that the recent filing with the Montana AG was referring to the same incident, based on the timing, it seems likely.

A ransomware attack is a type of cyberattack that occurs when a hacker or other bad actor installs malware on a company’s computer network. Hackers frequently do this by sending a phishing email to an employee in hopes of getting them to click on a malicious link. Once the employee clicks on the link, it downloads the malware onto their computer. The malware then encrypts the files on the computer and may infect other parts of the network. The hackers then send management a message, demanding it pays a ransom if it wants access to its network. In theory, once the company pays the ransom, the hackers decrypt their computer, which ends the attack—at least from the company’s perspective.

However, there is a new type of ransomware attack in which hackers threaten to publish any exfiltrated data if the ransom goes unpaid. Companies do not want to be seen as putting money over the privacy of their customers’ information, so this adds to the incentive to pay a ransom. Not surprisingly, these new ransomware attacks have been highly successful. Notably, there is no evidence at this point that any of the data compromised in the Radiant Logistics breach made it onto the dark web; however, it is a possibility.

Once on the dark web, cybercriminals can bid on the data, which they can then use to commit identity theft and other frauds. Of course, while companies that are targeted in a ransomware attack are victims in some sense, the real victims of these attacks are the consumers whose information ends up in the hands of those looking to commit fraud.

Companies not only have the resources to pay an occasional ransom, but they also have the ability (and responsibility) to implement strong data security systems designed to prevent these attacks in the first place. Victims of a data breach who would like to learn how to reduce the risk of identity theft or learn about their options to hold the company that leaked their information accountable should contact a data breach lawyer as soon as possible.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide