STI Holdings is the parent company of several logistics companies, including Stoughton Trailers, Stoughton Rental and Lease, Stoughton Parts Sales, Stoughton Trucking, Stoughton Logistics, and Stoughton Trailers Acceptance Company. In June of this year, STI faced a significant ransomware cyberattack.
The public consumer notice for the event states the incident included sophisticated ransomware. The same notice indicates that the attack impacted systems, including current and former employee data breach.
Although the consumer notice does not indicate when the attack happened, the breach filing on the Maine Attorney General’s website does. The event occurred around May 25th and lasted until June 9th; on this day, officials from STI presumably discovered the ransomware within their system. They opened subsequent investigations, which concluded around September 28th. Around December 2nd, officials sent notices to those impacted.
The notice on Maine’s Attorney General’s website indicates that current and former employees of STI companies are at risk. The letter does not state the extent of the breach on impacted subsidiary servers; this leaves all employees of STI subsidiaries at risk for data misuse.
Maine’s breach filing suggests the event may impact nearly 4,300 current and former employees. The final number of those impacted may increase with further reviews, but STI will likely not notify the government with updates. We suggest all current and former employees of STI or its subsidiaries take steps to protect themselves; they should secure their accounts with strong passwords and authentications—and invest in credit monitoring services for identity and financial accounts.