2 min read

UK shipping giant deals with data breach by the book, recovers stolen data

Filip TRUȚĂ

July 31, 2018

UK shipping giant deals with data breach by the book, recovers stolen data

Strengthening the notion that a single vulnerable endpoint, or unwary employee, can grant hackers safe passage into an organization”s entire infrastructure, British shipping company Clarksons PLC this week confirmed the discovery of a data breach that it suffered between May and November of last year.

Clarksons put out a press release on July 30 to notify anyone concerned that the firm “was the subject of a cyber security incident in which an unauthorized third party accessed certain Clarksons’ computer systems in the UK, copied data, and demanded a ransom for its safe return.”

As soon as the company caught wind of the incident, Clarksons launched an investigation and took steps to respond to incident and mitigate the risks. The steps it took, per the company”s notice, were “notifying regulators, working with third party forensic investigators, and informing law enforcement.”

Clarksons learned through the investigation that the attacker had gained access to its systems sometime starting with May 31, 2017. The bad actor reportedly had access to the personal data of an unspecified number of individuals, from May through November of the same year. The data, which the perpetrator copied and demanded ransom for its safe return, included: date of birth, contact information, medical information, tax information, insurance information, Social Security number, CV / resume, driver’s license/vehicle information, bank account information, passport information, payment card information, ethnicity, digital signature, visa/travel information, financial information, criminal conviction information, login information, seafarer information, and address information.

“Clarksons learned that the unauthorized access was gained via a single and isolated user account. Upon discovering this access, Clarksons immediately disabled this account,” the notice reads. “Through the investigation and legal measures, Clarksons were then able to successfully trace and recover the copy of the data that was illegally copied from its systems.”

Clarksons is now notifying potentially affected individuals out of an abundance of caution, according to the press release.

Immediately after learning of the breach, Clarksons enhanced its security measures and is now providing potentially affected individuals with information about this event and about the further steps individuals may take to best protect their personal information. The company is further offering potentially affected individuals access to one year of identity protection services at no cost.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read