Skip to content

Search the site

UPDATED: $16B freight forwarder "Expeditors" hit by crippling hack

Company takes a severe hit...

See also our updated story from May 2022 with more details

Updated 3 March 2022 at bottom with new filing from Expeditors, warning on costs

Expeditors, a $16.5 billion by annual revenue freight forwarding company, continues to be seriously affected by hackers, a week after the company said it was forced to "shut down most of our operating systems" in the wake of the cybersecuriy incident -- widely believed but not confirmed to be a ransomware attack.

As of 28 February, eight days on from the incident, most staff remain absent from the corporate office in Seattle, and employees are not allowed to log into their computers, The Stack was able to confirm.

UPDATED: The company said in a March 3 SEC filing that it "is incurring significant expenses to incorporate business continuity systems and to investigate, remediate and recover from this cyber-attack."

The incident comes as even well-resourced blue chips continue to fall prey to cybercriminals, and as security professionals say business need to pivoting from thinking about cyber "security" to thinking about cyber "resilience". (As United Airlines CISO Deneen DeFiore recently emphasised, an organisational shift away from a historical focus on cybersecurity as a pure data protection function towards operational resilience was sharpening minds "because something that can cause operational disruption has a cascading effect…")

See also: The Big Interview: Cyber Risk Leader Ramy Houssaini

Expeditors is a major player in the supply chain and logistics sector, by some measures the fourth-largest operator in the world. Its limited updates have left many customers and partners frustrated, not only with the disruption to operations, but with a perceived lack of clarity around recovery progress.

“They’re close to onboarding a new system to help them process some filings while bringing back their main systems but still very little coming from them. Their customer facing messaging is shit,” one supply chain professional who wished to remain anonymous told The Stack.

“I get that they’re working on fixing a problem but not every person there is a cyber or even an IT specialist – they should be communicating more than a copied and pasted paragraph on the website every day or so. I’m chasing down answers – no one is approaching to reassure or check in with the customer.

“Is everyone not in IT laid off?  Because if they’re not, they can help with not causing long term damage to the brand,” they added.

A supply chain industry observer, who also wished to remain anonymous, told The Stack: “It's very hard to get a handle on the amount of disruption. Expeditors is a very quiet company…. [They] have said more than some other companies which have been hit in the past, but I am finding it hard to get updates.”

They said they would have expected the company to be “communicative” with customers, but commented: “I have heard some customer concern too – but I also wonder how difficult it is to continue to operate/ communicate when your systems are down.”

The Expeditors cyberattack sparked a lively discussion on LinkedIn about the ethics of poaching business or staff from a company in this situation. Some commenters noted other logistics firms had “distastefully” approached them, offering to take on business while Expeditors was out of action. While loyalty goes to a point, our anonymous industry pro noted: “They’re not the only freight forwarder in the world...”

Bill Paul, founder of Logitalent, a specialist freight forwarding recruiter, said on LinkedIn. "Expeditors is not a client company of ours but today I issued an instruction to the team at Logitalent, Inc NOT to recruit their people while they are going through the issues created by them being cyber attacked. I hope that the Freight Forwarding industry will take a similar stance and not go after their business or people since this could happen to any of us.

"I was raised not to kick a man when he's down."

(Responses included: "There is no way to not handle the business which is stuck with so many customers" and "What would you do if you had a strategic client that had many cntrs [containers] stuck at the port bleeding demurrage , asking for help?" as frustrated Expeditors customers eyed alternatives.)

The Stack approached Expeditors for comment for this article, but we’ve received no response at time of writing.

"We recognize the challenges this incident has created within supply chains" Expeditors

The firm’s official statement, as of yesterday evening, said: “Expeditors is making progress in returning to normal operations. Our teams continue to work around the clock to deploy robust immediate and longer-term solutions, in keeping with our business continuity plans, to restore our systems as soon as possible.

“We are now handling shipments and providing services across most products and expanding recovery across our locations. We recognize the challenges this incident has created within supply chains. Expeditors greatly appreciates the patience of our customers and service providers, and can assure you that we share the urgency of making our services available in a timely manner", the company added.

In its initial acknowledgement of the attack, Expeditors said: “Upon discovering the incident, we shut down most of our operating systems globally to manage the safety of our overall global systems environment… Since it is extremely early in the process, we cannot provide any specific projections on when we might be operational, but we will provide regular updates when we are able to do so confidently.”

The cyberattack came just two days before Expeditors released its Q4 earnings, which showed the firm’s 12-month revenues had grown 72% year-on-year, reaching $16.5 billion in 2021. Its full-year profits were up 103% to $1.9 billion; in common with many in the supply chain and logistics sector, Expeditors has seen its business boom thanks to sky-high cargo rates across the world. Cybersecurity professionals have frequently warned that attacks are particularly likely shortly before major takeovers, earnings reports, or at the weekends.

“Depending on the length of the shutdown of our operations, the impact of this cyberattack could have a material adverse impact on our business, revenues, results of operations and reputation,” the firm noted in its Q4 earnings release on 22 February, without specifying how badly it expected to be impacted.

Follow The Stack on LinkedIn

Updated 3 March 2022: Expeditors has filed a statement with the US SEC saying its operations are starting to return to normal - but it is incurring "significant expenses" related to business continuity, and investigating and recovering from the attack.

"The Company's workforce is now handling shipments and providing services across most products and expanding recovery across its locations. The Company is incurring significant expenses to incorporate business continuity systems and to investigate, remediate and recover from this cyber-attack," said Expeditors in its statement.

"While the Company has partially resumed operations and expects to bring additional systems online, at this time the Company is unable to estimate when it will resume full operations."

Expeditors also said it expected to be spending more on cybersecurity in the future. It said it was unable to estimate the ultimate financial impact of the attack, but said it expected the incident would have a "material adverse impact on its business, revenues, expenses, results of operations, cash flows and reputation".