leonard's express ransomware

New York trucking company Leonard’s Express this week notified 6,540 people about a November 2023 data breach that exposed names, Social Security numbers, health insurance information, dates of birth, usernames, and passwords.

Ransomware group Black Basta in January claimed responsibility for the attack, saying it stole 182 GB of data.

Leonard’s Express has not confirmed Black Basta’s claim. The notification states Leonard’s Express first detected files being encrypted on its computer system on December 2, 2023, three days after attackers breached it. An investigation and review of what data was affected were completed on May 10, 2024, nearly half a year after the breach occurred.

We don’t yet know if Leonard’s Express paid a ransom or how attackers breached its systems. Comparitech contacted Leonard’s Express for comment and will update this article if it responds.

Comparitech recommends victims take advantage of the free credit monitoring and identity theft protection services offered by Leonard’s Express via IDX. Monitor your credit report, financial accounts, and medical bills for suspicious activity.

Who is Black Basta?

Black Basta, not to be confused with Blackcat or BlackSuit, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients can pay Black Basta to use its ransomware in their own attacks.

Black Basta’s attacks are highly targeted and often extort victims twice: once for a key to decrypt affected systems, and then again in exchange for not selling or publicly releasing stolen data.

Comparitech has logged 123 confirmed attacks claimed by Black Basta., and 25 of those occurred this year. We tracked another 102 unconfirmed attacks claimed by Black Basta so far this year.

Leonard’s Express isn’t the first trucking company targeted by Black Basta. In February 2024, Black Basta claimed responsibility for an attack on Alan Ritchey (PDF) that compromised 4,657 records.

Ransomware attacks on US transportation

In addition to data theft, ransomware attacks can cripple transportation companies, causing delays and missed shipments that reverberate through entire supply chains.

Comparitech recorded three ransomware attacks so far this year on US transportation companies and other organizations, affecting 8,189 records. In 2023, we logged 23 such attacks affecting 189,655 records. Ransomware groups claimed another 35 unconfirmed attacks this year.

Historically, attacks on the transportation sector compromise fewer records than those on other industries. Encrypting systems might be a more lucrative tactic for ransomware groups than threatening to expose data.

Other recent ransomware targets in the US transportation industry include Shuster Company (claimed by Hunters International) and Ward Transport & Logistics (claimed by Dragon Force).

About Leonard’s Express

Leonard’s Express is a trucking company from Farmington, New York. It specializes in hauling temperature-controlled food. Its fleet consists of 700 tractors and 1,050 dray and cold storage trailers, which move more than 15,000 dry shipments per month, according to its website.