Agora Giedroyć
Transport and Logistics

Stopping a data leak in a transport company

A former IT technician threatened to publish a customer database. We took over the conversations and recovered the data in 72 hours without paying a ransom.

0 PLN ransom paid
Client: Trans-Logistyka Częstochowa
Industry: Transport and Logistics
Timeline: November 2024

The owner of a local transport company was backed against the wall when a former IT employee blocked access to a database of 83 key contractors. The blackmailer demanded cash in exchange for not passing the order history to the competition.

Negotiations with blackmailer, Data securing, Crisis management, IT Audit, Reputation protection

The challenge

The crisis began on Tuesday, November 14, when the shipping system stopped responding. A few hours later, the president received a message on a private number with a demand for 45,000 PLN. The former IT technician used an old administrator password that no one had changed after his departure in June.

The risk was enormous because the database contained rates negotiated over 8 years of operation. Publishing this data could lead to the termination of contracts with 14 main fuel and chemical recipients. The board was close to paying the protection money, fearing paralysis of the fleet of 32 trucks that had to hit the road on Thursday morning.

Our approach

The Agora Giedroyć team entered the client's office on November 15 at 9:15 AM. The first step was to cut the blackmailer off from the servers by physically changing ports in the headquarters. Marcin Giedroyć took over all communication with the former employee, using a controlled-fatigue method to wear the opponent down.

Instead of threatening court action, which usually only escalates aggression, we showed the perpetrator that we knew his exact location and knew about the copied files. We acted in silence, without involving the police at this stage, so as not to create documentation that could leak to the local media. We focused on facts and cold calculation.

The solution

Within 48 hours, we prepared a settlement that legally bound the perpetrator and forced him to hand over all copies of the data in exchange for ceasing further steps. We implemented a new login protocol for 12 office employees, based on hardware keys, which definitively closed the security gap.

Additionally, we conducted a quick audit of the remaining 4 computers in the shipping department, finding two other active access accounts belonging to people who had not worked at Trans-Logistyka for over a year. The entire operation to restore full control took less than three days.

Results

The company regained access to all resources without paying a single penny to the blackmailer. Thanks to the discreet action, none of the contractors found out about the problems, and 32 vehicles hit the road according to schedule.

0 PLN: ransom paid
72h: operation duration
83: secured accounts
12: new access keys

Timeline

  1. November 14
    Database block and first financial demand.
  2. November 15, 9:15 AM
    Takeover of negotiations by Agora Giedroyć and physical securing of servers.
  3. November 16
    Direct confrontation with the blackmailer and presentation of settlement terms.
  4. November 17
    Unblocking systems and implementing new security procedures.

"We were ready to pay just to save the company from collapse. Mr. Marcin calmed the emotions and handled the matter so that no one from the outside noticed anything. It was calm in the middle of a crisis."

Andrzej Wiśniewski, Owner, Trans-Logistyka Częstochowa, December 2024