Cyber Incident Victim: Broe Group
Date: Dec 2020
Location: United States of America
Summary
The Conti ransomware gang attacked Broe Group's rail freight subsidiary OmniTRAX, exfiltrating approximately 70 gigabytes of internal data, including the contents of employee work computers, and leaking it publicly after the company apparently declined to pay the ransom. The company reported no disruption to rail services, but the incident was the first publicly confirmed double-extortion ransomware case against a U.S. freight rail operator: even with operations intact, the stolen employee data was exposed once the ransom went unpaid. The event occurred amid broader industry concern about cybersecurity weaknesses in transportation infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
A ransomware attack targeted Broe Group, the corporate parent of short line rail operator OmniTRAX, at some point before December 24, 2020. The Conti ransomware gang claimed responsibility and, after Broe Group refused to pay, posted approximately 70 gigabytes of stolen data on its leak site. The leaked data included internal OmniTRAX documents and the contents of individual employee work computers; whether rail operations data or customer information was among it remained unconfirmed. OmniTRAX acknowledged the cyberattack but declined to discuss its security protocols or any operational impact, with Chief Legal Officer John Spiegleman stating that the company continued "business as usual" across its 21 U.S. short line railroads and one in Canada. FreightWaves verified samples of the leaked files, confirming that corporate data had been compromised. The incident was the first publicly reported double-extortion ransomware attack against a U.S. freight rail operator, combining data theft with encryption of systems.

Cybersecurity experts familiar with the rail industry assessed that the attack caused minimal or no disruption to OmniTRAX's rail services, but the exposure of employee data raised concerns. The incident occurred amid heightened industry awareness of cyber vulnerabilities in increasingly digitized rail systems, with fears centered on potential supply chain disruptions or compromise of safety systems. Parallels were drawn to ransomware attacks on other transportation firms, including trucking company Forward Air, where the locking of data had disrupted operations. Broe Group's refusal to pay the ransom was consistent with common law enforcement guidance, but because the data had already been exfiltrated before the demand was made, neither that refusal nor restoration from backups could prevent its publication; that is the leverage the double-extortion model is built on. Concurrently, rail industry leaders such as Greenbrier CEO Bill Furman publicly acknowledged escalating cybersecurity investment in response to rising threats, reflecting broader corporate and board-level concern following high-profile attacks across the transportation sector. No operational outages or safety incidents were attributed to the attack in available reports.
