Cyber Incident Victim: Apex Capital Corp.

On September 23, 2022, Apex Capital Corp., a Texas-based transportation and freight factoring company, publicly confirmed a data breach involving unauthorized access to sensitive consumer information. The breach exposed names, addresses, and Social Security numbers of individuals whose data was entrusted to the company. Apex Capital initiated notification procedures on the same day by mailing data breach letters to all affected parties, advising them about potential risks of identity theft and fraud stemming from the incident. The company did not disclose the specific date of the initial intrusion or the duration of unauthorized access prior to detection. No technical details regarding attack vectors, compromised systems, or containment measures were provided in the public notification. Available information about the breach originated exclusively from the Texas Attorney General’s data breach tracking portal, as Apex Capital had not published an independent notice on its corporate website at the time of reporting.

The breach directly impacted at least 706 Texas residents according to state records, though Apex Capital’s nationwide operations suggested a potentially broader victim pool beyond state borders. Founded in 1995 and headquartered in Fort Worth, the company provides financial services including freight factoring and fuel credit lines to small- and medium-sized trucking businesses, employing over 159 personnel with annual revenues approximating $81 million. The exposure of Social Security numbers significantly elevated risks of financial fraud for affected individuals, as this data category enables identity theft and fraudulent account creation. Apex Capital’s notification did not specify whether third-party forensic investigators were engaged, whether law enforcement was involved, or if additional security controls were implemented post-breach. The incident marked a compromise of core personally identifiable information maintained by the company as part of its commercial operations, though the exact mechanism of data storage or access (e.g., cloud systems, internal servers) remained undisclosed in available sources.