Total Quality Logistics (TQL) sent out bulk emails yesterday to their carriers and customers informing them that their information might have been compromised after a recent data breach was discovered in their IT systems Monday, February 24th 2020.
According to an email sent to TQL’s customers from Kelly Bryne, the President of the Ohio-based logistics giant, “email addresses, phone numbers, first and last names and TQL Customer ID numbers” might have been compromised. The notice said the breach “may have compromised the security of our online portals for a segment of our customers’ non-financial data.”
Carriers were also impacted by this data breach. According to an internal memo to employees, received by Freight Broker Live and a mass email sent out to most registered carriers, “The information compromised from some carrier accounts included tax ID numbers, bank account numbers, and in some cases social security numbers,” TQL’s CEO Ken Oaks says in the letter.
According to internal sources, the breach was discovered earlier in the week when TQL’s accounting department called a carrier to verify changes to their banking information within their system. The carrier reportedly denied knowledge of the change prompting the accounting department to send the issue to the IT department within TQL. Sources say there is evidence the breach occurred quite a while before being discovered, although it is unclear of just how long the hackers were dormant in the system. It appears several carrier’s banking information was changed and that payments were sent out to these altered bank accounts. Internal sources say the total amount stolen was less than $100,000. TQL says they have identified less than 20 carriers where ACH payment theft may have occurred.
Sources tell Freight Broker Live the hackers were able to access the internal IT systems utilizing TQL’s mobile applications as a pass through into the system. TQL has since taken steps to close the security gaps in their system, hired an third-party cyber security firm for “additional forensics,” on their systems to identify if any other information was compromised. TQL is also working with the Federal Bureau of Investigation and other law enforcement to track the hackers.
TQL employees told Freight Broker Live that soon after information regarding the breach became public, they lost their ability to post and search the Truckstop.com load boards as Truckstop suspended access to the boards. Access was turned back on at the end of the day. A Truckstop.com spokesperson told Freight Broker Live that they are “aware of the situation impacting TQL and we are working to support them as they manage the incident.”
Freight Broker Live also received a statement from DAT, the nation’s largest load-board provider in response to our inquiry. “DAT has not been contacted directly by TQL regarding the reported security breach. DAT systems operate independently from those of its customers.”
TQL is the second largest freight brokerage with annual gross revenues of $3.6B and works with over 85,000 carriers. It’s unknown how much data was actually compromised at this time and what the impact of those affected might be. TQL urged carriers to contact their financial institutions and notify them of the breach, and to put fraud alerts/credit freezes on their accounts.