Shipping firm warns that hackers may leak confidential information

Global shipbroker says it fell victim to a 'cybersecurity incident' and is contacting those who might have had their information stolen by attackers.

Video: Equifax teaches us what not to do after a data breach The Equifax data breach was maddening enough, says ZDNet's Larry Dignan. The company's follow-up was even more maddening and will put Equifax in the crosshairs for months to come.

Video: Equifax teaches us what not to do after a data break

Global shipping firm Clarksons has warned that confidential data stolen as a result of a "cybersecurity incident" could be made public, following the company's refusal to pay a ransom to hackers.

In a statement, the shipbroker, one of the largest in its sector, said that it had fallen victim to a "criminal attack" in which attackers gained unauthorised access to the company's computer systems via the use of a "single and isolated user account" which Clarksons has since disabled.

Clarksons, which has 49 offices in 21 countries, hasn't disclosed what information has potentially been stolen by hackers, only that the data in question is "confidential". While the company hasn't disclosed when the breach took place or when it was discovered, it said it took "immediate steps to respond to and manage the incident".

A Clarksons spokesperson told ZDNet that due to the ongoing investigation into the incident, it'd be inappropriate to make any further comment about what happened at this time.

However, the company has issued a warning that the data might be at risk of being made public because those behind the attack have now threatened to release it after the shipbroker refused to pay them a ransom.

"Today, the person or persons behind the incident may release some data. As a responsible global business, Clarksons has been working with the police in relation to this incident. In addition, the data at issue is confidential and lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality in the information," the company said.

"I hope our clients understand that we would not be held to ransom by criminals, and I would like to sincerely apologise for any concern this incident may have understandably raised." said Andi Case, CEO of Clarksons.

The company is in the process of directly contacting potentially affected clients and individuals, as well as working with the police and security experts in response to the attack. The company also said it has contacted the relevant regulatory bodies about the incident.

See also: What is GDPR? Everything you need to know about the new general data protection regulations

"Issues of cybersecurity are at the forefront of many business agendas in today's digital and commercial landscape and, despite our extensive efforts we have suffered this criminal attack," said Case.

"As you would rightly expect, we're working closely with specialist police teams and data security experts to do all we can to best understand the incident and what we can do to protect our clients now and in the future."

"We hope that, in time, we can share the lessons learned with our clients to help stop them from becoming victims themselves," Case added.

In a statement to ZDNet, the Information Commissioner's Office said: "We're aware of an incident at Clarkson PLC and will be making enquiries."

istock-cargo-ship.jpg

Clarksons provides services to the global shipping industry.

Image: Getty Images/iStockphoto

Previous and related coverage

IT leader's guide to reducing insider security threats [Tech Pro Research]

Employees are responsible for nearly half of IT security incidents every year, according to a recent report from Kaspersky Lab and B2B International. This ebook offers a look at where the risks lie and what you can do to mitigate them.

We tested Equifax's data breach checker -- and it's basically useless

Several people have confirmed they have mixed or inaccurate results from the Equifax checker.

Uber admits 2.7m Brits hit by data breach [CNET]

Names, email addresses and mobile phone numbers were stolen by hackers, but not dates of birth or bank details.

READ MORE ON CYBERCRIME