Watch Now


Estes execs recap hack experience in unusual video presentation

Webb Estes admits to tears; partnership with outside adviser strongly recommended

Estes Express executives discussed the cyberattack on their company in a recent video. (Photo: Jim Allen/FreightWaves)

Two of the key executives caught up in the maelstrom of the recent hack on Estes Express — including one whose name is on the headquarters — have released a remarkable video that talks about how the company dealt with the cyberattack that led to a shutdown of most of the LTL’s operations. 

The video features President Webb Estes and CIO Todd Florence. It was released password protected to the media, and a spokesman for Estes said it may eventually be released to the public but is not available now. 

There is no requirement for such a presentation; Estes Express is private and can do what it wants.

But Webb Estes said he and other company executives had chosen to be public “in an effort to make the industry stronger and to share with as much of the industry as we can, to help make us all stronger and better.”

“It really is us versus them as opposed to trying to play a corporate game of gotcha with one another,” he said. 

The video is short on specific recommendations on avoiding a cyberattack but covers a wide range of steps that a company should consider in dealing with one. 


Todd Florence (l) and Webb Estes in video presentation on company’s recent cyberattack. (Photo: Estes Express)

Crying while recording a video

Webb Estes in particular talked in an openness normally not heard from top executives of companies that have about 22,000 employees. Webb Estes, who released videos during the hack to keep the company’s customers and others up to date on progress, said several weeks earlier he had sat in the same room where the latest video was being recorded and as he got ready to record that first status video, “I cried through the first two takes, and that’s humbling.

“There’s just emotions there and I would say you kind of have to fight through those,” he said. “You have to recognize them, not hide from them. But you also have to recognize that I’m paid for a job and we’re going to find a way through this together.”

And while the discussion between Webb Estes and Florence did focus heavily on the issue of team management during a crisis, there were several points of discussion regarding what other companies should do to ready themselves for an attack that Florence said is most likely “not if, but when.”

One question submitted by the media that was not addressed was whether Estes paid ransom to help end the attack. 

Webb Estes said when a company is hit like Estes Express was, “you realize that customers have choices and options, and they don’t have to go with you.”

Estes Express is private, so it does not disclose its finances. Webb Estes also said it has no debt, so he “didn’t need to speak with bankers.”

Lack of a financial impact

But he indirectly shot down any suggestion that other LTL companies were able to grab significant market share as a result of the hack. “I am proud to say that at this point, we are back  hitting numbers that are up year over year,” he said. 

Florence said Estes Express had “noticed some outside actor activity on our network” on Oct. 1, a Sunday. By later that day, the word was spreading, boosted by an Estes Express tweet that didn’t use the word “cyber” but told the world that it was having technical problems. 

Operations returned in stages, often accompanied by a video from Webb Estes. His final pronouncement that all operations were back to normal was put on X Oct. 24

But the attack was not all-encompassing, Florence said, and many of the technical capabilities at Estes were shut down by the company’s own decision.

“If there was a big red button, this is kind of what we pushed,” Florence said. All network connectivity was turned off, “and we did that in an attempt to protect our employees, our customers, our partners and then to give us a playing field from which we understood what was going on.”

Estes Express did have an “incident response” plan that it had put together with Guide Point Security Services. “We probably had them engaged within 90 minutes of turning off all the network connectivity,” Florence said.

That relationship came in for significant praise by both Florence and Webb Estes. Companies should have “somebody they know on speed dial” when they get hit in such an attack. “We surveyed lots of different companies to pick one,” he said, adding that a cybersecurity partner needs to understand culture as well as technology.

Having a partner also helps a company get past some tough internal times. “Conversations can get heated pretty quickly when you’re trying to figure out what is the right path to go,” Florence said, noting that a partnership with an outside company, with an incident response plan in place, allows a company to avoid “spending a lot of time in the worrying and more about how do we move forward.”

Communication systems mostly weren’t affected by the hack and instead stopped working because of Estes Express’ decision to shut them down, Florence said.

And Webb Estes said the company needed to avoid the temptation to bring back too quickly those systems that weren’t hacked. “I almost felt like we could get up in 24 hours,” he said. “But part of that process is you’re also trying to make sure that when you do come back up, you come back up clean and secure.”

A message that came through numerous times during the discussion is that mistakes are going to be made in the recovery and the best way to deal with them is to accept that they are going to occur. Florence said there were plenty of instances of seeing some employees take steps that were inventive but then on further review, “we’d come back and say, ‘Don’t do that, please.’” But overall, “the teams found lots of ways to get things done.”

Go home! 

Dealing with burned-out employees is a key challenge, both Florence and Webb Estes said.

“I saw that our role wasn’t just to be making good decisions,” Webb Estes said. “It was counselor. It was, ‘Hey, you need to go home and get eight hours of sleep and then come back and give me a strong 16, but like get out of here now. Take your break.’”

Both Florence and Webb Estes recommended spending money to prepare and defend in advance. 

“I think what you’ll see coming out of this is continued investment in more security,” Florence said, adding that earlier investments in cloud technology were able to prevent the hack from being more extensive.

Webb Estes referred to a recent presentation he heard at a conference where a speaker discussed “building out a digital twin and giving customers visibility to do all their freight.”

Estes Express will “continue to lean into those things,” Webb Estes said. 

More articles by John Kingston

Reliance’s Albrecht sees capacity disappearing from market at rapid pace

3PLs get fresh legal win in fight to block liability in truck accidents

Haslam family sues Berkshire over valuing of final chunk of Pilot

7 Comments

  1. mary kane

    In the realm of digital distress, where the loss of access to Instagram, WhatsApp, Snapchat, and Facebook can feel like losing a part of oneself, onlinerecoveryconsultants AT/Gmail com emerged as my guiding light. Faced with the daunting task of reclaiming my online presence, I discovered a remarkable ally in this team of recovery experts.

  2. Mike Pierce

    I have been with Estes for 14 yrs in sales and I saw how operation’s managers and supervisors became laser focused on working together and with office and sales people to keep freight moving to customers accurately. Because of the years of experience that many had, due to being, ” in the business” for so long, we had the knowledge to move from screen to paper transactions quickly. Sales, Customer Service and operations all worked in tandem to keep the necessary processes completed and freight picked up and delivered. It was an amazing experience to be a part of. No one said ” that’s not my job”. One team pulling in the same direction! This took place because of the transparence of our leaders who did not hide the attack or pretend but reassured and encouraged us as employees. That was what caused the motivation to do what we did. What a blessing to be part of it!

  3. Scott Lambert

    I am a driver of over 13 years at Estes. I could not have been more proud of how this situation was handled. We knew our customers still needed to ship their freight, but as we got things up and running they started coming back. That makes u feel good knowing the customers value our commitment and hands on communication with them! I think in the end Estes will be an even stronger company and force going forward in the LTL market!

  4. Jonathankemp

    Im a driver for Estes express line and i have to say this is the best company to work for .I have never been over work at all by this company u get pay for what u do i hope to oneday be a terminal manager oneday for this company i never slowed down during the attack all the drivers and employees stayed Estes strong the whole time great job Estes employees have a great day

Leave a Reply

Your email address will not be published.

John Kingston

John has an almost 40-year career covering commodities, most of the time at S&P Global Platts. He created the Dated Brent benchmark, now the world’s most important crude oil marker. He was Director of Oil, Director of News, the editor in chief of Platts Oilgram News and the “talking head” for Platts on numerous media outlets, including CNBC, Fox Business and Canada’s BNN. He covered metals before joining Platts and then spent a year running Platts’ metals business as well. He was awarded the International Association of Energy Economics Award for Excellence in Written Journalism in 2015. In 2010, he won two Corporate Achievement Awards from McGraw-Hill, an extremely rare accomplishment, one for steering coverage of the BP Deepwater Horizon disaster and the other for the launch of a public affairs television show, Platts Energy Week.