Load board Total Quality Logistics (TQL) announced on Thursday that there has been a security breach. Hackers had access to incredibly sensitive information including tax ID numbers as well as bank account and routing numbers. According to TQL, “ACH payment theft may have occurred.”
Carriers were notified on Thursday that a data breach of TQL’s IT systems had occurred. According to the ‘hotline’ page that TQL set up, the breach occurred on Sunday, February 23rd, 2020. TQL says that “the hackers gained access to information in some of our carrier accounts, including, in many instances, tax ID numbers and bank account numbers.”
How many carriers were exposed is currently unknown. A TQL spokesperson told FreightWaves that giving a specific number could “compromise the investigation.” According to its website though, TQL serves a network of 85,000 carriers.
So-called information/data phishing attempts like the one that likely caused the breach are fairly common. But in this case, it appears to have been so successful that money may already have been pulled from several carrier accounts using ACH payments.
“As of today, there have been less than 20 carriers identified where ACH payment theft may have occurred,” reads a statement from TQL.
Still, the company is recommending that carriers contact their banks and notify them that their banking information was potentially compromised. TQL also recommends carriers put up a fraud alert or even put a freeze on their credit file.
“Our IT security teams identified the issue quickly and countered immediately to secure all online information,” Kerry Byrne, president of TQL, said in an email sent to carriers. “We’re confident any access the hackers had to TQL’s systems has since been blocked.”
Source: Overdrive, FreightWaves
L. A. Draper says
People who expose personal financial data to hackers should sit in the jail cell next to the hackers. There is no excuse for allowing this to happen.
Robert E Scott says
What a bonehead statement. You think an institution wanted to be hacked or allowed themselves to be hacked? That is like saying you are responsible for being the victim of a burglary and should go to jail. What a knee jerk reaction.
Prepforkarona says
Sometimes companies are so recklessly negligent to the point that yes, they should be held criminally responsible.
Just because Al Muhahar Muhachmed knows computers doesn’t mean he knows security. I can imagine Billy Bobbie Gates at total purfect logistical services wasn’t forking over enough to protect an Amazon S3 bucket.
MrYowler says
In fact, it absolutely was recklessly stupid to put fund transfer credentials and bank account information anywhere that a phishing attack could get at it.
The formula for organizational cost of information security risk goes as follows:
Cost of breach to breached entity, divided by likelihood of breach.
This is typically annualized, and the cost of any effort at mitigation, must be less than the cost of the risk that it mitigates away. The problem in most cases, is that the cost of the breach is not borne by the organization that bears the cost of any mitigation, so there is no incentive to mitigate it.
If you get burglarized, even if you leave your property unsecured and exposed, the burglary is still the fault of the burglar – not the victim. But if you are storing other people’s property, and it gets stolen from you, it is your responsibility to make them whole, and seek redress from the thief, separately, on your own. You have an obligation, based upon the trust invested in you by the owners of the stolen property, to protect their interests. Allowing it to be stolen is a failure, on your part, as a trustee. It’s all well and good if you only fail to protect your own interests, but when you are entrusted with the interests of others, the only guarantee they have, that you will take that responsibility seriously, is if any resulting losses accrue to you.
When organizations attempt to mitigate this responsibility, instead of mitigating the risk from which it accrues, they effectively become accomplices, and (like any other case involving malicious intent or gross negligence) they deserve to be held fully and punitively responsible.
Steven D Gould says
The problem is the way the routing is. If there is no accountability routing, who really knows who they are doing business with? VPNs aren’t safe, static and dynamic IPs aren’t safe. Who controls the internet anyway? ARIN, CAIDA, there is a list.
Ben says
I hope someone sticks it to TQL. TQL isn’t any better than the hackers. They raided my bank account and withdrew about $1500.00 in the dark of the night. Charged me for a bunch of fruit that had been sitting in a whse for a few weeks. They screwed me because they didn’t want to lose the shipper.
I guess it was my fault in a way, for even taking a load with this crooked outfit. I swore to myself many times that I wouldn’t haul another load for this bunch, but I did and I paid the price.
I learned the hard way, that if you sign up for direct deposit that they have power of attorney, thus, complete control of your money.
MrYowler says
One does not follow from the other – direct deposit does not confer power of attorney – but it is true that they have all the information necessary to draft money from your account. One (imperfect) solution is to keep separate accounts, one for them to send deposits to, and another for your liquid capital. Once payment is made to your receivables account, immediately transfer it to your capital account. Instruct your bank to decline overdrafts. They may still overdraft your account (you cannot actually force them not to), but at least there’s a chance that the draft will be declined, and either way, your working capital is at arm’s length from their grubby paws.
Better still, take payment by check. Then you also have their checking account information, and as much access to draft funds from them, as they have, from you.
JAMES says
TQL. EVERY DRIVER SHOULD WALK AWAY FROM THAT BROKER company. All they do is stick companies and keep lying about it. Wouldn’t be surprised if they are the hackers.
Jeremy M says
Just another day at Microsoft where security cannot be sustained as a result of the NTFS format they use to run Windows operating systems. The NTFS format is a security breach in itself, by design. Third party security apparatus, sold separately, is as effective as a glass body on an Abrams tank. Hackers are like predators in the wild. They target the old, the sick and the weak.