Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.

Boyd Bros. Transportation and WTI Transport Data Breach

Boyd Bros. Transportation and WTI Transport, Alabama-based trucking carriers, discovered unauthorized access to their systems in May 2026 that may have exposed employee and driver personal information, including Social Security and driver’s license numbers.

Boyd Bros. Transportation and WTI Transport
Date of Breach: May 12, 2026
CAU logo

Who was affected:

Clients of Boyd Bros. Transportation and WTI Transport

Impacted Data:

Names, Social Security numbers, addresses, email addresses, dates of birth, driver’s license information

Boyd Bros. Transportation, LLC and WTI Transport, LLC, Alabama-based trucking carriers under TFI International, discovered that unauthorized parties may have accessed their computer systems in May 2026. Personal information belonging to individuals connected to the companies may have been exposed as a result. Companies entrusted with sensitive personal data have a responsibility to keep that information secure, and failing to do so can leave people vulnerable to fraud and identity theft.

Boyd Bros. Transportation and WTI Transport’s Data Breach Investigation

Boyd Bros. Transportation, LLC and WTI Transport, LLC, both flatbed trucking carriers headquartered in Birmingham, Alabama, and subsidiaries of TFI International, first became aware of a potential breach on or about May 12, 2026. An ongoing investigation confirmed on or about May 22, 2026, that personal information may have been exposed in the incident. The companies reported the matter to the Massachusetts Attorney General’s office and began notifying potentially affected individuals on June 22, 2026.

According to the notification filed with regulators, unauthorized access to Boyd Bros. Transportation and WTI Transport’s computer systems allowed exposure of names, Social Security numbers, personal addresses, email addresses, dates of birth, and driver’s license information. The companies have not publicly disclosed the specific cause of the intrusion or the full scope of individuals affected nationwide. A Massachusetts filing indicated that only three residents of that state were among those notified, though the total number of people impacted across all states remains unclear.

Trucking and logistics companies increasingly rely on large digital databases containing driver, employee, and customer records, making them attractive targets for cybercriminals. Attackers who compromise these systems often seek personally identifying information that can be resold or exploited directly, since driver’s license numbers and Social Security numbers together create a particularly valuable combination for identity theft. Industry data shows that transportation and logistics firms have seen a steady increase in reported cyber incidents in recent years as more back-office and dispatch operations move onto interconnected networks.

When a company’s notification timeline includes a gap between an incident being detected and the public being notified, as appears to have happened here, questions often arise regarding how quickly affected individuals could take protective steps. Attorneys who investigate data breach cases frequently examine whether a company’s security safeguards were reasonable given the sensitivity of the information it stored, and whether notification was provided as promptly as applicable state laws require. Alabama, Massachusetts, and other states impose specific deadlines and content requirements for breach notification letters, and any deviation from those requirements can become a focus of subsequent legal claims.

Because Social Security numbers and driver’s license numbers were both reportedly involved, individuals connected to this breach face an elevated risk of follow-up phishing attempts, fraudulent account openings, and tax-related identity theft. Security researchers commonly note that stolen driver’s license data, when combined with a Social Security number, can be used to pass identity checks required to open new lines of credit or file fraudulent government benefit claims. This combination of data types is considered high-risk by consumer protection advocates precisely because it can be used to impersonate someone across multiple types of accounts and services, not just financial ones.

Notification delays following a confirmed breach are common across industries, not just trucking and logistics, and are often driven by the time needed to determine the full scope of a network intrusion, coordinate with forensic investigators, and satisfy varying state-by-state notification deadlines. Federal and state consumer protection laws generally require notice without unreasonable delay, but what counts as reasonable can differ depending on the complexity of the investigation and the number of jurisdictions involved. For individuals whose information was exposed, the period between an incident’s discovery and formal notification is often when they remain most vulnerable, since fraudulent activity using stolen data can begin well before a notification letter ever arrives in the mail.

Cybercriminals frequently target the transportation sector because carriers like Boyd Bros. Transportation and WTI Transport maintain large repositories of employee, driver, and applicant records that are attractive for resale on illicit marketplaces. Unlike retail data breaches, where stolen information is often limited to payment cards, breaches at logistics and trucking companies frequently expose more complete profiles, including government-issued identification numbers and dates of birth, since these companies must verify driver credentials as part of routine hiring and compliance operations. This makes any breach at a carrier company potentially more damaging on a per-record basis than breaches limited to financial transaction data alone.

When Did This Breach Occur?

Boyd Bros. Transportation and WTI Transport say they became aware of a potential security incident on or about May 12, 2026. Their investigation confirmed on or about May 22, 2026 that personal information had likely been exposed. The companies began sending notification letters to affected individuals on June 22, 2026, roughly six weeks after initial discovery.

What Information Was Breached?

The notification filed with Massachusetts regulators states that exposed information may have included names, Social Security numbers, personal addresses, email addresses, dates of birth, and driver’s license information. The exact scope of data exposed can vary by individual, and affected persons should review their own notification letter carefully for details specific to their situation.

What You Can Do

If you received a notice from Boyd Bros. Transportation or WTI Transport, consider taking the following steps:

  • Keep your notification letter as proof you were affected.
  • Enroll in any free credit monitoring or identity protection services offered in your letter.
  • Place a fraud alert or credit freeze with Equifax, Experian, and TransUnion.
  • Regularly review your bank and credit card statements for unauthorized activity.
  • Request free credit reports at AnnualCreditReport.com and watch for unfamiliar accounts.

File a Data Breach Lawsuit Against Boyd Bros. Transportation and WTI Transport

If your personal information was exposed in the Boyd Bros. Transportation and WTI Transport data breach, you may have legal options to pursue compensation for the harm you’ve experienced, including time spent responding to the incident and any out-of-pocket costs.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
Date of Breach: November 24-26, 2025 (discovered November 26, 2025; notification sent July 8, 2026)
Date of Breach: August 22, 2024
Date of Breach: January 31, 2025
Related News

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.