{
	"id": "53a79289-53ed-456a-a9d5-1b8cd106698a",
	"created_at": "2026-04-06T00:10:16.510887Z",
	"updated_at": "2026-04-10T13:12:39.966085Z",
	"deleted_at": null,
	"sha1_hash": "fd663433a09e0f853b03408467c322c973f2c01c",
	"title": "Freight giant Estes refuses to deliver ransom, says personal data opened and stolen",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43165,
	"plain_text": "Freight giant Estes refuses to deliver ransom, says personal data\r\nopened and stolen\r\nBy Jessica Lyons\r\nPublished: 2024-01-03 · Archived: 2026-04-05 18:51:25 UTC\r\nOne of America's biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that\r\ncriminals stole their personal information.\r\n\"As you may be aware, on October 1, 2023, Estes discovered that an unauthorized threat actor had gained access\r\nto a portion of the company's IT network and deployed ransomware,\" it said in a letter mailed to 21,184 people\r\n[PDF]. \"In accordance with the standard recommendation of the FBI and financial regulators, Estes did not pay\r\nthe ransom.\"\r\nThe family-owned billion-dollar biz indeed disclosed the \"cyberattack\" in early October, and at the time said the\r\nintrusion affected its IT infrastructure. By October 24, chief operating officer Webb Estes posted a video on X\r\nannouncing that the company had \"completely restored our systems capabilities.\"\r\nA month later, ransomware crew Lockbit took responsibility for the intrusion, and said it leaked data stolen from\r\nthe biz on November 13.\r\nThen, on New Year's Eve, Estes filed a data breach notification with the Maine Attorney General that provided\r\nsome additional details about the digital break-in, which it now says was indeed ransomware.\r\nThe shipper says it's cooperating with the FBI, and a subsequent forensics investigation determined that the\r\nintruders stole personal information, although the sample notification letter doesn't specify which data the\r\nmiscreants accessed. According to the Maine filing, it includes names or other personal identifier in combination\r\nwith Social Security numbers, although the blank text in the letter indicates that the ransomware crew exfiltrated\r\nmore than this.\r\nEstes did not immediately respond to The Register's questions about the intrusion, including what data the crooks\r\nstole, how they initially accessed the company's network, how much money they demanded, and why company\r\nexes made the decision to not pay the ransom. \r\nThis, of course, has become a hotly debated topic and it involves multiple factors ranging from the practical —\r\ndoes the victim organization have effective backups and how much money will downtime cost — to the more\r\nphilosophical — will paying a ransom facilitate human trafficking and/or terrorism, or even just subsequent\r\ncybercrime?\r\nEither choice can be extremely costly for victims. Caesars Entertainment reportedly paid a ransomware gang $15\r\nmillion to decrypt its data and not leak its customers' info after a September intrusion, while fellow Las Vegas\r\nhotel and casino giant MGM Resorts said a similar attack cost it more than $100 million in losses after not paying\r\nup.\r\nhttps://www.theregister.com/2024/01/03/estes_ransomware/\r\nPage 1 of 2\n\nThe US government advises organizations not to pay ransom demands, and some have called for a complete ban\r\non extortion payments.\r\nEstes says it's \"not aware of any identity theft, fraud, or financial losses resulting from this incident.\"\r\nIt will also provide affected individuals with 12 months of free identity monitoring from Kroll. ®\r\nSource: https://www.theregister.com/2024/01/03/estes_ransomware/\r\nhttps://www.theregister.com/2024/01/03/estes_ransomware/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.theregister.com/2024/01/03/estes_ransomware/"
	],
	"report_names": [
		"estes_ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434216,
	"ts_updated_at": 1775826759,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fd663433a09e0f853b03408467c322c973f2c01c.pdf",
		"text": "https://archive.orkl.eu/fd663433a09e0f853b03408467c322c973f2c01c.txt",
		"img": "https://archive.orkl.eu/fd663433a09e0f853b03408467c322c973f2c01c.jpg"
	}
}