The Iowa-headquartered transportation support company DRT has seen attackers access its email accounts, potentially accessing the personal details of numerous individuals.
The shared services provider DRT started informing individuals whose data may have been exposed in a recent data breach. According to the company, attackers managed to remotely access several DRT-owned email addresses in late May, exposing the personally identifiable information (PII) of the company's clients.
DRT mainly works with the transportation sector, providing back-office services such as HR, IT, legal, and finance. The company works across 49 States, supporting over 6,000 client employees.
Meanwhile, information that the company submitted to the Maine Attorney General’s Office indicates that over 14,400 individuals may have been exposed in the attack, which could mean threat actors got their hands on historical data as well.
“Although the investigation could not determine whether any information was acquired, it is possible that there was unauthorized access to PII in files in these email accounts, such as a spreadsheet or documents used for internal business purposes,” reads DRT’s breach notice.
According to the company, attackers may have accessed:
- Full names
- Addresses
- City of residence
- Other PII data
While the extent of implications due to the attack depends on what PII data was actually exposed, knowing that DRT provides HR, finance, and other services, the compromised emails likely contained consolidated sensitive data from numerous client companies.
“Although the investigation could not determine whether any information was acquired, it is possible that there was unauthorized access to PII in files in these email accounts, such as a spreadsheet or documents used for internal business purposes,”
reads DRT’s breach notice.
In any case, individuals exposed to the attack may face an elevated risk of identity theft, one of the most common and devastating cybercrimes. What makes matters worse is that the crime is often noticed only after the victim’s financial or digital presence has been compromised.
According to the Federal Trade Commission, in 2024, there were over 1.1 million reports of identity theft, with credit card misuse being the most common form. Separately, the FTC received approximately 2.6 million reports of fraud. Victims of identity theft alone lost millions of dollars over the course of the year.
Another risk exposed users face is phishing attacks. Attackers may use exposed data for tailor-made phishing campaigns that focus on transportation industry workers, attempting to lure more personal details. The FBI reported that potential losses exceeded $12.5 billion from various internet crimes, with phishing being a significant contributor.
DRT said that the cybersecurity incident prompted it to take steps to improve its security posture.
“These steps included immediately disabling the email accounts while a password reset was performed, revoking all active user logins, as well as any multi-factor authentication, and monitoring the user’s activity within our on-premises and cloud-based environments,” the company’s notice said.
Meanwhile, to help users mitigate the potential dangers, DRT will offer complimentary identity theft protection services.
Your email address will not be published. Required fields are markedmarked