Forward Air Corporation offers trucking and freight logistics with its more than 4,300 employees. The complaint for this class action points to a ransomware attack and data breach and alleges that Forward Air did not have in place adequate or reasonable security procedures to protect the personally identifiable information (PII) of its current and former employees.
The class for this action is all persons whose PII was compromised as a result of the data breach announced by Forward Air on or around October 20, 2020.
In its Notices of Privacy Practices and other things, Forward Air promised to protect its employees’ and former employees’ privacy and comply with statutory privacy requirements. The complaint alleges, “Forward Air had a duty to adopt reasonable measures to protect Plaintiff’s and Class Members’ PII from involuntary disclosure to third parties.”
However, on December 15, 2020, the complaint says, the company was hit with a ransomware attack “impacting its operational and information technology systems, which caused service delays for many of its operations.” The attack was reportedly perpetrated by a group called Hades.
The complaint says, “As demonstrated in the following image, the Hades ransomware gang has followed the trend of exfiltrating data in connection with their ransomware attacks and will publish consumers’ data online unless their demands for payment are met.” The complaint shows a screenshot of the Hades ransomware notice, which says, in part, “You can recover your data and prevent data leakage to the public.”
While companies often receive assurances from ransomware hackers that data will be deleted if the ransom is paid, the complaint alleges that “a report released by Coveware, a company that handles ransomware payment negotiations, has confirmed what most of the industry already suspected[:] ransomware gangs do not delete any stolen data even when they receive a ransom payment.”
Air Forward has not disclosed all details of the ransomware attack, but it has said that “certain Forward Air system were accessible in November and early December 2020, and that certain data … was potentially viewed or taken by an unknown actor.”
According to the complaint, the information compromised includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, and bank account numbers. The complaint says, “Incredibly, despite learning of the Data Breach in December of 2020, Forward Air delayed notifying victims until almost a year later until September 2021.”
The complaint claims, Forward Air could have prevented this Data Breach by properly encrypting or otherwise protecting their equipment and computer files containing PII.”
The counts include negligence, negligence per se, breach of implied contract, intrusion upon seclusion, and unjust enrichment.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Forward Air Ransomware Attack and Data Breach Complaint
November 3, 2021
Forward Air Corporation offers trucking and freight logistics with its more than 4,300 employees. The complaint for this class action points to a ransomware attack and data breach and alleges that Forward Air did not have in place adequate or reasonable security procedures to protect the personally identifiable information (PII) of its current and former employees.
Forward Air Ransomware Attack and Data Breach ComplaintCase Event History
Forward Air Ransomware Attack and Data Breach Complaint
November 3, 2021
Forward Air Corporation offers trucking and freight logistics with its more than 4,300 employees. The complaint for this class action points to a ransomware attack and data breach and alleges that Forward Air did not have in place adequate or reasonable security procedures to protect the personally identifiable information (PII) of its current and former employees.
Forward Air Ransomware Attack and Data Breach Complaint