Wednesday, August 1, 2018

Cyber Security Incident Which Hit Shipping Group Lost Personal Information

Three Major Crimes Now Against Container and Ocean Freight Community
Shipping News Feature
UK – WORLDWIDE – After discovering that it was subject to a cyber security incident in November last year, Clarksons, which offers a plethora of support services to the shipping fraternity, has provided an update to the data breach, revealing more details about the security breach. This latest update comes a week after Chinese container shipping giant COSCO was itself subject to an attack, reportedly ransomware, in the US which debilitated the company's regional communications network, an issue it assures us that has now been resolved, plus the NotPetya strike against Maersk June 2017.

On November 7, 2017, Clarksons learned that it was the subject of a cyber security incident in which an unauthorised third party accessed certain of the company’s computer systems in the UK, copied data, and demanded a ransom for its safe return. As soon as the incident was discovered, Clarksons took steps to respond to and manage the incident, including launching an immediate investigation into the nature and scope of the event, notifying regulators, working with third party forensic investigators, and informing law enforcement. The company then publicly announced the breach on November 29, 2017.

Through the forensic investigation, Clarksons quickly learned that the unauthorised third party had gained access to its system from May 31, 2017 until November 4, 2017. Clarksons found that the unauthorised access was gained via a single and isolated user account. Upon discovering this access, Clarksons immediately disabled this account.

Through the investigation and legal measures, Clarksons says that it was then able to successfully trace and recover the copy of the data that was illegally extracted from its systems. The list of what was actually copied is however, daunting to say the least and illustrates the need for all companies to adequately protect themselves from infiltration.

While the potentially affected personal information in this case varies by individual, the data taken from Clarksons records may include date of birth, contact information, criminal conviction information, ethnicity, medical information, religion, login information, signature, tax information, insurance information, informal reference, national insurance number, passport information, social security number, visa/travel information, CV/resume, driver’s licence/vehicle identification information, seafarer information, bank account information, payment card information, financial information, address information and/or information concerning minors.