Watch Now


Estes reports all systems are back online after cyberattack

President and COO Webb Estes reviews restored functions, praises customers that stuck around

Estes Express continues to make progress coming back from a cyber attack. (Photo: Jim Allen/FreightWaves)

Editor’s note: This story was updated at 6:30 p.m. on Oct. 24 to reflect new information from Estes.

The president of Estes Express went online Tuesday to announce all the company’s operations are back to normal and it has overcome a massive cyberattack.

Tuesday’s announcement came just a few days after Webb Estes took to a public video platform to report that most of the key operations at the LTL carrier that bears his family name have been fixed after a cyberattack early this month. In the video, Webb Estes said all systems had been restored.

The precise date of the start of the Estes cyberattack is not clear, but it became known in the industry by the start of the workweek that began Oct. 2. 


Webb Estes said last week the company is “working tirelessly to complete the restoration of our systems and make them even safer,” suggesting then that the entire task of rebuilding after the attack is not complete. However, he did not offer specifics on what systems remain down.

Most importantly, Webb Estes said the company’s application programming interface connections with customers and other counterparties are back online. APIs have been defined as “a set of programming code that enables data transmission between one software product and another.” 

“Our API connections are available to integrate our shipping functionality into our customers’ business applications and websites,” Webb Estes said in the recording. 

He also said the company had restored the “image document retrieval API.” But that takes time, and Webb Estes said “we’re working hard to get all scanned images into our system so invoicing can resume soon with our APIs.” 


Since the Oct. 6 update, the company’s website also was restored, as was its phone service.

Given that Estes is not a public company, outsiders will not be able to ascertain how much of a hit the company took on its cybersecurity attack. The only analogy that could be made, given that they are both LTL carriers, would be to the fourth-quarter 2020 attack at Forward Air (NASDAQ: FWRD). 

The companies are admittedly different; Forward Air is an LTL carrier but with its activities focused on moving airfreight. But its Q4 2020 revenue of $350.3 million was followed by first-quarter 2021 revenue of $362.2 million. By the fourth quarter of 2021, revenue had climbed to $459.9 million, admittedly in the midst of a historically good freight market.

In several of his daily updates, chief Deutsche Bank transportation analyst Amit Mehrotra suggested that the third-quarter earnings calls of publicly traded LTL carriers might give some suggestion about how much Estes business was moved over to other companies.  However, private conversations with some LTL executives suggest the size of any lost business was minimal, with at least one executive at a leading LTL provider saying his company had seen almost no increase in business that could be attributed to the Estes hack.

Webb Estes gave no hint how large the impact on its business might be as it switched to a more manual system during the cyberattack. But he heaped praise on customers that had remained. 

“We continue to see our customers choosing Estes for their shipping needs,” Webb Estes said. “We know you have choices. So we’d like to thank our many customers who’ve stuck by us through this challenge. Your trust in us has helped drive efforts toward returning online quickly, responsibly and safely. We’ve hardened our technology environment, and we’re building back stronger than ever. Again, please accept my sincere thanks for your patience and trust.”

More articles by John Kingston

Taking stock of what happened at Estes


TriumphPay’s EBITDA loss narrows, volume increases, factoring invoices stay flat

XPO’s Jacobs on his next venture: Wait and see

John Kingston

John has an almost 40-year career covering commodities, most of the time at S&P Global Platts. He created the Dated Brent benchmark, now the world’s most important crude oil marker. He was Director of Oil, Director of News, the editor in chief of Platts Oilgram News and the “talking head” for Platts on numerous media outlets, including CNBC, Fox Business and Canada’s BNN. He covered metals before joining Platts and then spent a year running Platts’ metals business as well. He was awarded the International Association of Energy Economics Award for Excellence in Written Journalism in 2015. In 2010, he won two Corporate Achievement Awards from McGraw-Hill, an extremely rare accomplishment, one for steering coverage of the BP Deepwater Horizon disaster and the other for the launch of a public affairs television show, Platts Energy Week.