CSX – CSX probes ‘security incident’ as hackers leak data

U.S. rail operator CSX (NASDAQ: CSX) said it is investigating a “data security incident” linked to a software provider, Accellion, after a ransomware gang posted screenshots of internal company files to a leak site on Tuesday. The files appear to contain personal information about employees and retirees. 

The Jacksonville, Florida-based company told FreightWaves in a statement that it recently learned about the incident and has notified law enforcement.

“To date, this incident has had no impact on business operations or our ability to serve our customers,” CSX said in a statement. 

The Clop ransomware gang posted four screenshots, including some from what appear to be spreadsheets containing information about pension plan recipients and an employee roster.

Clop did not indicate how much data it may have stolen. Ransomware gangs often slowly post data to leak sites to pressure companies to pay them. 

CSX revealed few details about what occurred but said the incident happened because of a vulnerability in file-transfer software from Accellion, FTA. CSX said it took FTA offline on Jan. 5 and migrated to a new system. 

Accellion’s 20-year-old file transfer product was targeted in cyberattacks in December and January. The attack has since been linked to multiple hacks of companies and government agencies, including retail giant Kroger and NSW Transport, the transport agency for the Australian state of New South Wales.

“Potentially there are a lot more of these,” said Brett Callow, a threat analyst with the cybersecurity software firm Emsisoft.

Callow noted that Clop frequently uses breaches to stage attacks against victims’ customers. 

“They should be on high alert,” Callow said of CSX’s customers. 

CSX is one of the largest rail operators in the U.S., with its network primarily concentrated on the East Coast. The company generated $2.8 billion in net profits on $10.6 billion in revenue in 2020.

In January, short line rail operator and logistics provider OmniTRAX disclosed that it had been the victim of a ransomware attack and data theft as part of an incident targeting its parent company, Broe Group.

Click for more FreightWaves articles by Nate Tabak