The Password That Shut Down a 158-Year-Old Business

Evan Francen > Blog > Security > Breach > The Password That Shut Down a 158-Year-Old Business

For most of us, ransomware stories feel abstract — something that happens to “other companies,” something insurance will cover, something you can recover from with backups and a good IT team.

Then came the collapse of KNP Logistics Group, better known under its flagship brand Knights of Old. A 158-year-old British haulage company — hundreds of trucks, hundreds of employees, generations of history — was brought to its knees by one weak password.

This wasn’t a start-up with no resources. It wasn’t even a tech firm; it was an established logistics provider woven into the UK’s supply chain. And yet it was gone in a matter of months.

The Company: A Pillar of UK Haulage

Knights of Old was founded in 1865, growing from a single horse and cart to become one of the UK’s largest private logistics firms. In 2016, the company became part of KNP Logistics Group, alongside Nelson Distribution and Steve Porter Transport.

By 2023, the group:

  • Employed around 900 people across its brands.
  • Operated a fleet of ~500 lorries.
  • Had a national footprint with depots and long-term customer contracts.
  • Was considered a stable, mid-sized logistics player in the UK.

They had history, brand equity, and decades of operational know-how. Despite all this, they were undone almost overnight.

How the Breach Happened

Every credible analysis agrees on the core failure:

  • Attackers (later attributed to the Akira ransomware group) guessed or brute-forced an employee password on an internet-facing service.
  • The account had no multi-factor authentication (MFA). Once the attackers got in, nothing stopped them.
  • They moved laterally, escalating privileges and mapping the network.
  • They deployed ransomware across servers, workstations, and virtual environments — including backups and disaster recovery (DR) systems. Everything the company needed to restore itself was encrypted or destroyed.

This wasn’t an advanced zero-day exploit. It wasn’t a state-sponsored espionage campaign. It was the cyber equivalent of a burglar finding the front door unlocked.

The group demanded a multi-million-pound ransom (widely reported around £5M). Paying was risky and possibly futile: the company couldn’t confirm it would get working decryption keys, and even if it did, the damage to systems and records was catastrophic.

Timeline of the Collapse

  • June 26, 2023 – Attackers break in using a guessed/compromised password.
  • Early–Mid July 2023 – Ransomware detonates; operational systems begin encrypting. Logistics management, routing, and financial systems become unusable.
  • July–August 2023 – Recovery efforts fail as backups/DR are found compromised. Manual workarounds can’t keep up; lenders demand financials the company can’t produce because accounting data is gone.
  • Sept 22, 2023 – KNP files a notice of intent to appoint administrators.
  • Sept 25–26, 2023 – The group officially enters administration. About 730 people lose their jobs.
  • Late 2023 – 2024 – Asset sales follow. Nelson Distribution is sold to Kinaxia Logistics, saving ~170 jobs, but the historic Knights of Old brand effectively ends.
  • 2025 – Retrospective reporting turns KNP into a global cautionary tale: “a 158-year-old company killed by one weak password.

Why Insurance and Backups Didn’t Save Them

KNP reportedly had cyber insurance and an insurer-provided cyber crisis team. It didn’t matter.

  • Backups failed because they weren’t fully isolated or immutable. Once attackers had admin access, they encrypted or destroyed the restore points.
  • Insurance paid some initial response costs but could not rebuild an entire crippled business, nor replace lost financial records critical to getting emergency loans.
  • Lost data killed financing options — banks and investors asked for books to assess rescue funding; the company couldn’t produce them.

This is a vital wake-up call: insurance and backups are only safety nets, and only IF you survive an attack.

The Human and Business Impact

  • ~730 jobs vanished almost overnight.
  • A company with 158 years of heritage disappeared.
  • Customers were stranded; supply chains were disrupted.
  • Remaining assets were carved up and sold.

It’s not just IT downtime. This was the livelihood of hundreds of families, the collapse of a trusted service provider, and the end of a historic name in UK logistics.

The Bigger Picture — Lessons for All of Us

1. Identity is Everything

If you still have any remote service (VPN, RDP, web portals) protected only by username/password: you’re inviting disaster. MFA isn’t optional, and it hasn’t been for a long time. If you’ve escaped this long without MFA (especially on an internet-facing system), you’re playing Russian roulette with five loaded chambers.

And not just SMS (although this is better than no MFA at all) — phishing-resistant MFA or passwordless where possible.

2. Weak Passwords Kill

“Guessable” credentials are still one of the top attack vectors. Enforce strong password policies, screen against known breached passwords, and monitor for credential stuffing.

3. Backups Must Be Untouchable

A backup connected to the same network is just another file share waiting to be encrypted. Use offline/immutable backups, test restores regularly, and secure the credentials and paths your backup software uses.

4. Insurance ≠ Resilience

Cyber insurance is helpful but not a get-out-of-jail-free card. Insurers can fund response and legal help, but they can’t restore your lost data or rebuild customer trust. Prevention and resilience matter more.

5. Operational Complexity Increases Risk

Logistics is a thin-margin, complex, always-on business. When the digital backbone breaks — fleet scheduling, invoicing, route planning — collapse is fast and brutal.

6. Security Is a Leadership Problem

This wasn’t a SOC issue. It was a business survival issue. Leaders must demand and resource asset management, identity security, backup integrity, and recovery planning — before a breach, not after.

A Brutal Reminder

What happened to KNP Logistics/Knights of Old should terrify any business that thinks “we’re too established to fail.”

A single weak password brought down a company older than the automobile itself.
It destroyed jobs, history, and trust.
And it happened in a matter of weeks.

We cannot afford to dismiss asset management, identity hygiene, backup design, and proactive resilience as “IT chores.” They are existential safeguards.

Final Thought

If you take nothing else from this story, take this:

One bad password can end a century-old business.
Don’t let it be yours.

Like too many of us, the business leaders of KNP Logistics Group thought that these things happen to “other companies”.

Do me a favor, RIGHT NOW.

Go look in the mirror. Be honest with yourself. Be honest for the people who count on you (employees, families, customers, etc.). Admit that you ARE the “other” company.

It’s past time to stop bullsh*tting yourself.

Subscribe

I don’t do spam. I don’t eat it and I don’t send it. Not to mention, it’s also illegal!

I’ll write a privacy policy soon (that you won’t read).

Leave a Comment on The Password That Shut Down a 158-Year-Old BusinessBreach, Ransomware, Security
Tags , , , , , ,

About the Author

Evan Francen

Leave a Reply

You may also like these