Shipping firm Clarksons braces for data leak after refusing to pay hacker
Rob Davies reports:
Shipping company Clarksons is bracing for a tranche of private data to be released, after refusing to pay a ransom to a hacker who staged a “criminal attack” on its computer systems.
In a statement to the stock market, the world’s largest shipbroker said it was working with specialist police and contacting customers who may have been affected after a “cybersecurity incident”.
“As soon as it was discovered, Clarksons took immediate steps to respond to and manage the incident,” the company said.
Read more on The Guardian.
The following is the full text of Clarksons’ press release today:
Clarkson PLC confirms that it was subject to a cybersecurity incident which involved unauthorised access to the Company’s computer systems. As soon as it was discovered, Clarksons took immediate steps to respond to and manage the incident. Our initial investigations have shown the unauthorised access was gained via a single and isolated user account which has now been disabled. We have also put in place additional security measures to best prevent a similar incident happening in the future. Clarksons would like to reassure clients and shareholders that this incident has not, and does not, affect its ability to do business.
Today, the person or persons behind the incident may release some data. As a responsible global business, Clarksons has been working with the police in relation to this incident. In addition, the data at issue is confidential and lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality in the information.
Clarksons would like to apologise to shareholders, clients and staff for any concerns this incident may raise. The company is in the process of contacting potentially affected clients and individuals directly.
Since this recent incident, Clarksons has been working with data security specialists to investigate further and has notified the relevant regulatory bodies. Clarksons takes issues of IT security extremely seriously and continues to invest heavily to further enhance the systems and procedures it has in place. As part of this, the Company is continuing with a wider review of cyber security that began earlier this year and is, for example, accelerating the roll-out of various additional IT security measures.
Andi Case, CEO of Clarksons, commented: “Issues of cybersecurity are at the forefront of many business agendas in today’s digital and commercial landscape and, despite our extensive efforts we have suffered this criminal attack. As you would rightly expect, we’re working closely with specialist police teams and data security experts to do all we can to best understand the incident and what we can do to protect our clients now and in the future. We hope that, in time, we can share the lessons learned with our clients to help stop them from becoming victims themselves. In the meantime, I hope our clients understand that we would not be held to ransom by criminals, and I would like to sincerely apologise for any concern this incident may have understandably raised.”
Given the ongoing investigations it would be inappropriate for Clarksons to make any additional comments at this time.
Anyone know who the attacker(s) is/are? Have they issued any press release themselves?