The freight company Estes Forwarding Worldwide has now confirmed that it recently notified victims of a cyberattack. The company’s customers and employees were notified of the May 28, 2025, security incident by the company. The ransomware gang Qilin took credit for the attack on June 23, posting sample images of stolen documents. These leaked documents included passport scans, driver’s licenses, and many different kinds of internal company financial spreadsheets.
Estes has not yet officially verified the ransomware gang Qilin’s claim of responsibility for the major security breach.
We do not yet know what specific data was compromised or how many people Estes has officially notified. It is also not known if Estes paid a ransom or how much money the ransomware gang Qilin demanded. The company’s CEO said there was no significant disruption to the business and they were fully operational within hours.
This is not the first ransomware attack to hit the Estes family of companies within the last few years. In September 2023, the ransomware gang LockBit took credit for a different attack on the parent company. Estes notified over twenty-one thousand victims of the resulting data breach, which compromised their Social Security numbers.
That previous attack shows a pattern of the company being targeted by sophisticated and well-known cybercriminal organizations.
Qilin is a ransomware gang that began claiming responsibility for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets its victims through phishing emails to spread its ransomware software online. In 2024, researchers logged seventeen confirmed ransomware attacks on many different United States transportation businesses. In 2025, ransomware groups have made seventy-eight such claims, but this attack on Estes has now been confirmed.
Reference:
