Thursday, March 15, 2018

Data Breach at Towage Subsidiary of World's Largest Container Shipping Group

After That Massive Cyber Attack Another Maersk Company Has IT Woes
Shipping News Feature
AUSTRALIA – After the world's largest container shipping line, Maersk, was hit by a massive cyber attack last June, another group subsidiary, Svitzer, has revealed that it has suffered a significant data breach in which upwards of 50,000 emails containing private personnel information were auto-forwarded to accounts outside the company. Svitzer has confirmed that the hack, which was localised to the company's Australian operations and began on May 27 last year, affected more than 400 employees before being discovered at the beginning of this month.

For almost 10 months, between 50,000 and 60,000 emails from three Australian employees of the salvage and towing group, working in finance, payroll, and operations, were automatically forwarded to two accounts outside of Svitzer. The emails contained staff personal information including tax file and superannuation numbers and the names of next of kin. The breach was resolved within five hours of being discovered, after the external mailboxes became full and the auto-forwarded emails began bouncing back to the company.

After an investigation, Svitzer found that a rule had been set up on the three email accounts to forward the emails to the external accounts and another rule to delete the forwarded emails so the account holders couldn’t see the emails were being forwarded.
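The rule pair described above (a forward to an outside address plus a rule that deletes the forwarded copies) is something a mailbox audit can look for. The following is an added example, not Svitzer's tooling or part of the original article. It assumes inbox rules have been exported to JSON using the Exchange `Get-InboxRule` property names `ForwardTo`, `ForwardAsAttachmentTo`, `RedirectTo`, `DeleteMessage` and `Enabled`, with a hypothetical `Mailbox` field, plain SMTP addresses, and `example.com` as the internal domain; the sample rules are constructed.

```python
import json

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

# Constructed sample export, one object per inbox rule ("Mailbox" is a hypothetical field).
RULES_JSON = """[
 {"Mailbox": "payroll@example.com", "Name": "a", "Enabled": true,
  "ForwardTo": ["collector1@example.net"]},
 {"Mailbox": "payroll@example.com", "Name": "b", "Enabled": true,
  "DeleteMessage": true},
 {"Mailbox": "finance@example.com", "Name": "c", "Enabled": true,
  "RedirectTo": ["Collector2@Example.org"]},
 {"Mailbox": "ops@example.com", "Name": "d", "Enabled": true,
  "ForwardTo": ["helpdesk@example.com"], "DeleteMessage": true},
 {"Mailbox": "hr@example.com", "Name": "e", "Enabled": false,
  "ForwardTo": ["old@example.net"]}
]"""

def external_targets(rule, internal=INTERNAL_DOMAINS):
    """Return the rule's forward/redirect addresses outside the internal domains."""
    found = []
    for field in FORWARD_FIELDS:
        for addr in rule.get(field) or []:
            domain = addr.rsplit("@", 1)[-1].lower()
            if domain not in internal:
                found.append(addr.lower())
    return found

def audit(rules, internal=INTERNAL_DOMAINS):
    """Flag mailboxes with enabled external-forwarding rules.

    Severity is "high" when the same mailbox also has an enabled rule that
    deletes messages, since that hides the forwarding from the account holder.
    """
    state = {}
    for rule in rules:
        if not rule.get("Enabled", True):
            continue  # disabled rules do not forward anything
        entry = state.setdefault(rule["Mailbox"], {"external": set(), "deletes": False})
        entry["external"].update(external_targets(rule, internal))
        entry["deletes"] = entry["deletes"] or bool(rule.get("DeleteMessage"))
    return [(mailbox, "high" if e["deletes"] else "medium", sorted(e["external"]))
            for mailbox, e in sorted(state.items()) if e["external"]]

if __name__ == "__main__":
    for mailbox, severity, targets in audit(json.loads(RULES_JSON)):
        print(f"{severity:6} {mailbox} -> {', '.join(targets)}")
```

The forward and the delete are checked per mailbox rather than per rule because, as in the Svitzer case, they can be two separate rules.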

The attack on Maersk last year was on a much larger and more damaging scale, with a number of its IT systems deliberately shut down across multiple business units at a reported cost of $300 million. Maersk was one of many global companies to be hit by the ransomware later known as NotPetya. The malware was distributed through a Ukrainian accounting software package called MeDoc, used for filing tax returns in Ukraine. The MeDoc software contained backdoors into the networks of its users, which the malware used to enter via the software's automatic update system.