Watch Now


Estes Express confirms cyberattack 

LTL carrier says systems are still being impacted

Estes Express confirmed Tuesday that the LTL carrier has been the target of a cyberattack. (Photo: FreightWaves/Jim Allen)

Estes Express on Tuesday confirmed that it has been the target of a cyberattack.

The Richmond, Virginia-based LTL carrier did not share details about the attack or what areas of the company have been impacted. In a statement posted Tuesday morning on X, formerly known as Twitter, the company said, “… our terminals and drivers are effectively picking up and delivering freight while we work through this event. We’re working as quickly as possible to resolve this issue and return to business as usual.”

On Monday, Estes posted a notice on X announcing that it suffered an outage that impacted its IT infrastructure but did not specify the cause.

Phone calls made by FreightWaves to the main Richmond headquarters were answered with a recorded message that the call “could not be completed as dialed.” Phone calls made to two Estes depots returned the same message.


Multiple attempts from different individuals at FreightWaves to access the company’s website resulted in a message that the site could not be reached.

According to a Tuesday morning email sent out by the Deutsche Bank transportation research team led by Amit Mehrotra, privately owned Estes’ annual revenue is roughly $4 billion and it is the fifth-largest LTL carrier. 

“Depending on the length of the outage, this is a notable disruption to an already disrupted LTL market, and could have implications for other LTL carriers as they disclose October volumes numbers later this month. It’s too early to tell what impact this may have,” Deutsche Bank wrote in its note.

At approximately 10:15 a.m. Tuesday, there was no obvious reaction to the Estes news in the stock price of other LTL carriers. Old Dominion (NASDAQ: ODFL) and ArcBest (NASDAQ: ARCB) were down slightly, while Saia (NASDAQ: SAIA) was up a little more than 1%. Forward Air (NASDAQ: FWRD), which had its own significant cyberattack in 2020, was mostly unchanged.