Transportation provider WEL Companies this week confirmed it notified 122,960 people of a January 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- State-issued ID (e.g. driver’s license, resident ID number)
Ransomware gang RansomHub took credit for the breach the following month and said it stole 189 GB of data. To prove its claim, RansomHub posted sample images of what it says are documents stolen from WEL, including passports, 401K statements, and accident reports.
WEL has not verified RansomHub’s claim. We do not know if the company paid a ransom, how much RansomHub demanded, or how attackers breached WEL’s network. Comparitech contacted WEL Companies for comment and will update this article if it replies.
“On January 31, 2025, WEL noted unusual activity on its network,” says the company’s notice to victims.
“As a result of the investigation, it was learned that certain data stored on WEL systems may have been accessed or acquired without authorization and that certain individuals’ personal information may reside in the potentially affected data.”
WEL is offering eligible victims free identity monitoring through Kroll.
Who is RansomHub?
RansomHub is a ransomware gang that first started posting attack claims to its leak site in February 2024. It runs a ransomware-as-a-service business in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms. RansomHub is behind high-profile attacks on Rite Aid, Christie’s auction house, Frontier Communications, and the Florida Department of Health.
In the year between February 2024 and March 2025, RansomHub took credit for 157 confirmed ransomware attacks and made another 610 unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations.
RansomHub’s attack on WEL is the group’s eight-largest breach by number of records affected. The group’s biggest attacks include those on Rite Aid (2.2 million), Patelco Credit Union (1 million), and Park’N Fly (1 million).
WEL is the fourth transportation company targeted by RansomHub. In the same month RansomHub attacked WEL, the group also claimed to steal 230 GB from Danish shipping company SDK FREJA.
Ransomware attacks on US transportation
In 2025 to date, Comparitech researchers have logged six confirmed ransomware attacks on US transportation businesses. Another 99 such claims have yet to be confirmed.
The attack on WEL is the third-largest attack on a US transportation company to date, surpassed by a November 2020 breach at Americold Realty Trust (144,216 records) and an April 2023 breach at Americold Logistics (129,611). The latter attack was claimed by ransomware group Cactus.
Ransomware attacks on US transportation can both steal data and lock down computer systems. Ransomware gangs then demand a ransom to restore infected systems and destroy stolen data. If they don’t businesses face extended downtime, data loss, and putting customers at increased risk of fraud. For transportation companies and their customers who rely on timely delivery, these attacks can be devastating.
About WEL Companies
WEL Companies is a logistics and transportation company specializing in temperature-controlled trucks and warehouses. It operates locations in Wisconsin, Pennsylvania, Georgia, and Florida. It employs more than 500 people, according to the company’s LinkedIn profile.
