A Cincinnati freight brokerage company is facing a $5m lawsuit over a data breach that occurred last month.
Computer systems at Total Quality Logistics (TQL) were compromised in a cyber-attack that took place on February 23. Customer and carrier information was exposed after threat actors breached the company's online web portal.
Carrier data compromised in the attack included tax ID numbers, bank account numbers, and in some cases Social Security numbers. Breached customer data included email addresses, phone numbers, first and last names, and TQL customer ID numbers.
Now TQL is being sued by an unnamed trucking company owned by Charles Newman of Milwaukee County, Wisconsin. A complaint filed in the US District Court for the Southern District of Ohio alleges that TQL failed to "implement and maintain reasonable security measures over personally identifiable information."
The plaintiff accuses TQL of negligence and claims that the consequences of the data breach were dire and far-reaching.
"Had TQL taken the well-known risk of cyber-intrusion seriously and adequately tested, audited and invested in its IT systems, and adequately trained its staff," the lawsuit states, "the data breach would never have occurred."
The complaint alleges that as a result of the breach, hackers have accessed, "and in a growing number of cases" have used, compromised data to conduct fraudulent transactions. According to the lawsuit, "the full scope of the harm has yet to be realized."
Newman, who is represented by The Kerger Law Firm in Toledo, Ohio, is seeking to have the complaint certified as a class action, which would allow other motor carriers to join the lawsuit.
TQL is one of America's largest privately owned freight brokerage firms, moving over 1.8 million loads of freight across the US and Canada each year. The company has 57 sales offices and a vast network of over 85,000 carriers.
Four days after the breach occurred, TQL president Kerry Byrne sent a breach notification email out to carriers, including Newman.
According to Byrne's email, the attackers may have gained access to TQL's data via an "information/data phishing attempt."
TQL advised carriers to check whether their bank accounts had been compromised and recommended that each carrier take extra security measures, including setting up a fraud alert on their credit files.