Boyd Bros. Transportation, LLC and WTI Transport, LLC, Alabama-based trucking carriers under TFI International, discovered that unauthorized parties may have accessed their computer systems in May 2026. Personal information belonging to individuals connected to the companies may have been exposed as a result. Companies entrusted with sensitive personal data have a responsibility to keep that information secure, and failing to do so can leave people vulnerable to fraud and identity theft.
Boyd Bros. Transportation and WTI Transport’s Data Breach Investigation
Boyd Bros. Transportation, LLC and WTI Transport, LLC, both flatbed trucking carriers headquartered in Birmingham, Alabama, and subsidiaries of TFI International, first became aware of a potential breach on or about May 12, 2026. An ongoing investigation confirmed on or about May 22, 2026, that personal information may have been exposed in the incident. The companies reported the matter to the Massachusetts Attorney General’s office and began notifying potentially affected individuals on June 22, 2026.
According to the notification filed with regulators, unauthorized access to Boyd Bros. Transportation and WTI Transport’s computer systems allowed exposure of names, Social Security numbers, personal addresses, email addresses, dates of birth, and driver’s license information. The companies have not publicly disclosed the specific cause of the intrusion or the full scope of individuals affected nationwide. A Massachusetts filing indicated that only three residents of that state were among those notified, though the total number of people impacted across all states remains unclear.
Trucking and logistics companies increasingly rely on large digital databases containing driver, employee, and customer records, making them attractive targets for cybercriminals. Attackers who compromise these systems often seek personally identifying information that can be resold or exploited directly, since driver’s license numbers and Social Security numbers together create a particularly valuable combination for identity theft. Industry data shows that transportation and logistics firms have seen a steady increase in reported cyber incidents in recent years as more back-office and dispatch operations move onto interconnected networks.
When a company’s notification timeline includes a gap between an incident being detected and the public being notified, as appears to have happened here, questions often arise regarding how quickly affected individuals could take protective steps. Attorneys who investigate data breach cases frequently examine whether a company’s security safeguards were reasonable given the sensitivity of the information it stored, and whether notification was provided as promptly as applicable state laws require. Alabama, Massachusetts, and other states impose specific deadlines and content requirements for breach notification letters, and any deviation from those requirements can become a focus of subsequent legal claims.
Because Social Security numbers and driver’s license numbers were both reportedly involved, individuals connected to this breach face an elevated risk of follow-up phishing attempts, fraudulent account openings, and tax-related identity theft. Security researchers commonly note that stolen driver’s license data, when combined with a Social Security number, can be used to pass identity checks required to open new lines of credit or file fraudulent government benefit claims. This combination of data types is considered high-risk by consumer protection advocates precisely because it can be used to impersonate someone across multiple types of accounts and services, not just financial ones.
Notification delays following a confirmed breach are common across industries, not just trucking and logistics, and are often driven by the time needed to determine the full scope of a network intrusion, coordinate with forensic investigators, and satisfy varying state-by-state notification deadlines. Federal and state consumer protection laws generally require notice without unreasonable delay, but what counts as reasonable can differ depending on the complexity of the investigation and the number of jurisdictions involved. For individuals whose information was exposed, the period between an incident’s discovery and formal notification is often when they remain most vulnerable, since fraudulent activity using stolen data can begin well before a notification letter ever arrives in the mail.
Cybercriminals frequently target the transportation sector because carriers like Boyd Bros. Transportation and WTI Transport maintain large repositories of employee, driver, and applicant records that are attractive for resale on illicit marketplaces. Unlike retail data breaches, where stolen information is often limited to payment cards, breaches at logistics and trucking companies frequently expose more complete profiles, including government-issued identification numbers and dates of birth, since these companies must verify driver credentials as part of routine hiring and compliance operations. This makes any breach at a carrier company potentially more damaging on a per-record basis than breaches limited to financial transaction data alone.
When Did This Breach Occur?
Boyd Bros. Transportation and WTI Transport say they became aware of a potential security incident on or about May 12, 2026. Their investigation confirmed on or about May 22, 2026 that personal information had likely been exposed. The companies began sending notification letters to affected individuals on June 22, 2026, roughly six weeks after initial discovery.
What Information Was Breached?
The notification filed with Massachusetts regulators states that exposed information may have included names, Social Security numbers, personal addresses, email addresses, dates of birth, and driver’s license information. The exact scope of data exposed can vary by individual, and affected persons should review their own notification letter carefully for details specific to their situation.
What You Can Do
If you received a notice from Boyd Bros. Transportation or WTI Transport, consider taking the following steps:
- Keep your notification letter as proof you were affected.
- Enroll in any free credit monitoring or identity protection services offered in your letter.
- Place a fraud alert or credit freeze with Equifax, Experian, and TransUnion.
- Regularly review your bank and credit card statements for unauthorized activity.
- Request free credit reports at AnnualCreditReport.com and watch for unfamiliar accounts.
File a Data Breach Lawsuit Against Boyd Bros. Transportation and WTI Transport
If your personal information was exposed in the Boyd Bros. Transportation and WTI Transport data breach, you may have legal options to pursue compensation for the harm you’ve experienced, including time spent responding to the incident and any out-of-pocket costs.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.