There were 767 recorded supply chain crimes across the United States and Canada in the first quarter of 2026, a 5.3 percent decrease from Q1 2025 and a 12.2 percent decline from Q4 2025, according to Verisk CargoNet.

Despite fewer incidents, estimated losses reached $131.58 million, essentially unchanged from Q1 2025, and confirmed cargo theft reports rose by 41 incidents to 596 of 767 total events.

Reduced activity from domestic criminal organizations, especially in Texas and the Southeast, paired with sustained or growing activity by organized crime groups with a nexus in California and the New York City metropolitan area highlights a new pattern.

The shift is reflected not only in where cargo theft is occurring, but in what is being stolen and how, Verisk’s cargo theft prevention and recovery unit said.

Among the top eight states for cargo theft, most saw year‑over‑year declines except California where theft increased from 255 to 277 incidents, and in New Jersey thefts where surged from 27 to 59, a 119 percent jump.

“Both states are primary operating environments for organized crime networks, offering dense logistics infrastructure and proximity to major consumer markets,” Verisk CargoNet stated.

Cargo thefts in Texas declined from 102 to 80 incidents, a 22 percent drop, highlighting a shift to other metropolitan areas.

Personal care and beauty products topped the list of most sought after cargo, jumping from 18 events in Q1 2025 to 50—a rise of 178 percent, driven by cosmetics and fragrances, predominantly in the Northeast.

Food and beverage remained the top category with a reported 144 events. Beverage theft declined while seafood targeting climbed sharply.

Building materials fell from 21 events to 8, a category historically dominated by domestic groups operating seasonally in North Texas.

Categories such as building materials, apparel, and vehicle-related shipments declined year-over-year – goods that are bulkier, less standardized or more difficult to resell at scale.

“The overall drop in incident volume is encouraging, but the underlying data tells a more complex story,” said Keith Lewis, vice president of operations at Verisk CargoNet. “We’re watching transnational organized crime groups become the dominant force in the cargo theft landscape, with a clear preference for goods that move easily through online resale channels. The geography is following the criminals.”

The Impersonation Playbook

The most significant tactical development in Q1 2026 is the maturation of impersonation‑based theft into a systematic, scalable criminal methodology, analysis showed.

“Anti‑fraud solutions deployed across the industry have been effective and that success is now driving the next wave of innovation by criminal networks seeking to evade those controls,” the Q1 2026 report noted.

Criminal networks have resorted to impersonating legitimate motor carriers and logistics brokers to bypass anti-fraud measures.

They are two primary methods in doing so:

• The first is credential harvesting: advanced phishing campaigns and remote access trojans are used to compromise business email accounts, internet‑based phone systems, and the industry applications that carriers and brokers use to find shipments and verify their identity. With stolen credentials in hand, a criminal network can operate as the legitimate carrier, accepting tenders, communicating with logistics brokers, and redirecting loads under a trusted and seemingly verified identity.
• The second method is outright acquisition of motor carrier businesses. Criminal networks are purchasing legitimate carriers through social media, peer‑to‑peer marketplaces, and specialized brokerage services. Despite warnings from regulators, these sales remain frequent and largely unregulated. Verisk CargoNet warns existing motor carriers that selling an operating authority to a criminal network, knowingly or unknowingly, may expose owners to civil and criminal liability.

“The anti‑fraud tools the industry has deployed are working, they’re forcing criminals to invest more in elaborate schemes,” said Lewis. “But the shift toward credential theft and carrier impersonation means the industry needs to think beyond tender‑phase controls. We need robust identity verification throughout the lifecycle of a shipment, from booking to delivery.”

Verisk CargoNet expects impersonation-based fraud and the exploitation of legitimate carrier identities to remain central to cargo theft activity in the coming quarters.

“As anti-fraud controls continue to improve at the point of tender, criminal networks are likely to expand their focus to vulnerabilities across the full shipment lifecycle,” the report added. With current patterns suggesting “organized groups will continue prioritizing high-value, easily redistributed goods while concentrating on activity in major logistics hubs that support rapid movement and resale.”