
Cyber Incident Victim: ATC Transportation

Date: Mar 2021

Location: United States of America

Summary

ATC Transportation experienced a ransomware attack involving unauthorized encryption of servers and potential data exfiltration over several weeks. The breach compromised personal information of current and former employees and applicants, including names, Social Security numbers, and Department of Transportation-mandated drug test results. Following detection, the company secured its systems, initiated an investigation with external cybersecurity experts, and notified federal law enforcement. Affected individuals were offered complimentary credit monitoring and identity protection services, while the organization implemented enhanced security measures to prevent future incidents.


Description

ATC Transportation identified a ransomware attack on March 22, 2021, after discovering that unauthorized actors had encrypted certain servers using malware. The company immediately secured its systems, initiated an investigation, and engaged a leading cybersecurity firm to assist. Federal law enforcement was notified, and ATC continues to support their investigation. Forensic analysis revealed that the attackers accessed ATC's systems intermittently between March 4, 2021, and March 22, 2021. During this 18-day period, the threat actor exfiltrated data from the compromised environment. On April 15, 2021, ATC confirmed the stolen data potentially included personal information belonging to current and former employees and job applicants, specifically names, Social Security numbers, and Department of Transportation-mandated drug test results.

The incident impacted individuals associated with ATC through employment or application processes, exposing them to potential identity theft and fraud risks. On May 7, 2021, ATC began mailing notification letters to affected parties and established a dedicated call center to address inquiries. The company offered complimentary credit monitoring and identity protection services to individuals whose Social Security numbers were potentially compromised. ATC stated it implemented additional security measures to strengthen network, system, and data protections following the attack. The organization expressed regret over the incident and emphasized its commitment to safeguarding personal information, though no specific technical details about the ransomware variant, payment status, or exact data volume were disclosed in the public notification. Federal investigations remained ongoing at the time of the disclosure.
