Single password breach destroys 158-year-old British transport company KNP Logistics

A cyberattack exploiting a single employee password has led to the collapse of a 158-year-old British transport company KNP Logistics, based in Northamptonshire and operating a fleet of 500 lorries under the brand Knights of Old. The company was forced to shut down after hackers infiltrated its computer systems and encrypted vital data. Around 700 employees lost their jobs as the company was unable to recover from the attack.

The breach, believed to have occurred after cybercriminals guessed a weak employee password, allowed the attackers—identified as the Akira ransomware gang—to lock KNP out of its systems. The attackers issued a ransom note claiming the company’s infrastructure was "fully or partially dead" and invited the directors to begin ransom negotiations.

No specific sum was demanded, but cybercrime experts estimated the payment could have reached £5 million. KNP, which carried cyber insurance and claimed to meet industry cybersecurity standards, said it could not afford the ransom. With no access to its operational data, the company ultimately folded.

“I haven’t told the employee,” said KNP director Paul Abbott, when asked whether the staff member whose password was compromised had been informed. “Would you want to know if it was you?”

KNP’s downfall is part of a growing trend. The UK’s National Cyber Security Centre (NCSC), which is part of intelligence agency GCHQ, says it responds to a major cyberattack daily. The NCSC’s CEO, Richard Horne, warns that despite the agency’s efforts, companies need to improve their own defenses.

“We need organizations to take steps to secure their systems, to secure their businesses,” Horne said, adding that while the criminals are not winning, the threat is constant and intensifying.

In 2023 alone, an estimated 19,000 ransomware attacks targeted UK businesses, according to the government’s cybersecurity survey. Industry research puts the average ransom demand in the UK at £4 million, with roughly one-third of businesses opting to pay.

Recent victims include major retailers such as M&S, Co-op, and Harrods. Last week, Co-op confirmed that personal data belonging to all 6.5 million of its members had been stolen. At M&S, attackers used social engineering tactics—tricking employees rather than deploying malware—to breach internal systems. The attack caused delivery delays and empty shelves, and exposed customer data.