Global shipbroker Clarksons has provided details of a cyber security incident, which was detected back in November 2017 when a lone hacker gained access to its computer system over a seven-month period.
In an update circulated on Monday, the broker which has offices in Hong Kong, said it learned that it: “…was the subject of a cyber security incident in which an unauthorized third party accessed certain Clarksons’ computer systems in the UK, copied data, and demanded a ransom for its safe return. As soon as the incident was discovered, Clarksons took steps to respond to and manage the incident, including launching an immediate investigation into the nature and scope of the event, notifying regulators, working with third party forensic investigators, and informing law enforcement.”
“Through the forensic investigation, Clarksons quickly learned that the unauthorized third party had gained access to its system from May 31, 2017 until November 4, 2017. Clarksons learned that the unauthorized access was gained via a single and isolated user account. Upon discovering this access, Clarksons immediately disabled this account.
“Through the investigation and legal measures, Clarksons were then able to successfully trace and recover the copy of the data that was illegally copied from its systems.
Describing the nature of the data copied from the company’s systems Clarksons said:
“While the potentially affected personal information varies by individual, this data may include a date of birth, contact information, criminal conviction information, ethnicity, medical information, religion, login information, signature, tax information, insurance information, informal reference, national insurance number, passport information, social security number, visa/travel information, CV / resume, driver’s license/vehicle identification information, seafarer information, bank account information, payment card information, financial information, address information and/or information concerning minors.”
Clarksons said it has subsequently enhanced security measures in place to protect data in its care, it has notified the necessary regulatory and law enforcement bodies across the relevant jurisdictions, as a precautionary measure. Clarksons is also providing potentially affected individuals with information about the event and about the further steps individuals may take to best protect their personal information.