News

One weak password. 700 jobs lost. A 158-year-old company shut down.

In a sobering example of how devastating weak cybersecurity can be, a 158-year-old UK truck company KNP has permanently shut down following a ransomware attack. The breach, reportedly triggered by a single guessed password, led to catastrophic consequences, including the loss of over 700 jobs.

According to administrators and cybersecurity experts involved in the case, the attack began when the Akira ransomware gang guessed an employee’s password. No phishing email, no software vulnerability, just a credential that was weak or reused enough to be cracked.

Once inside, the attackers deployed ransomware across the network. Backup systems were compromised, and disaster recovery options failed. KNP brought in cybersecurity specialists, but the damage was already done.

The ransom demand? Close to £5 million.

KNP couldn’t pay it and even if they had, there’s no guarantee they’d have gotten their systems back. Instead, they entered administration. Within weeks, all operations were shut down.

Why this matters to every business

This wasn’t a tech startup with no budget. KNP had been in business since 1867. They had cyber insurance. They had IT systems. And still, a single password took the whole thing down.

If you think this kind of breach only happens to careless companies, think again. The real takeaway here is simple: Weak passwords are still one of the most common ways cybercriminals get in.

What went wrong (and what to learn)

1. Weak or guessable password

The attacker didn’t need to exploit a flaw, they just logged in. This means no strong password policy was in place, or it wasn’t enforced.

2. No multi-factor authentication (MFA)

Had MFA been active on that account, the guessed password alone wouldn’t have been enough.

3. Backups weren’t protected

Even after the attack, KNP couldn’t recover their data. Their backups were also hit, which points to poor backup isolation or lack of offline storage.

4. Ransomware outpaced response

By the time cybersecurity teams got involved, key systems were already encrypted or deleted. Speed matters, but prevention matters more.

What you can do right now

At Passwd.team, we help teams avoid exactly this kind of disaster. Here are simple but crucial steps you can take today:

  • Enforce strong, unique passwords across your organization
  • Use a password manager so no one has to remember complex logins
  • Turn on MFA for all accounts, especially admin and remote access tools
  • Isolate and test your backups so ransomware can’t touch them
  • Run regular security audits and phishing simulations

The collapse of KNP is heartbreaking. Not just because of the job losses or the end of a 158-year legacy, but because it was completely preventable.

It wasn’t a zero-day exploit. It wasn’t state-sponsored hacking. It was just a password.

Cybersecurity isn’t about complexity. Often, it starts with the basics and password hygiene is the most basic of all.

If this story has you wondering how secure your own systems really are, it might be time to review your password policies. We’re here to help.