UK-based shipping company Clarkson PLC (or Clarksons) has revealed more details about a security breach that took place last year, during which hackers threatened to release some of the company’s data online if it didn’t pay a ransom demand.
The incident isn’t a new revelation, as the company already came clean about the hack last year, in a security alert published on November 29, 2017.
That initial alert contained little information about the incident per se, but it caught the eye of most experts in the IT security industry because Clarksons was actively warning customers that the hacker or hackers behind the breach were preparing to release data online after the company presumably declined to pay a ransom demand.
That expected leak never happened, according to security researchers specializing in data breaches and data dumps, whom Bleeping Computer reached out to earlier today for comment.
Hacker breached company via a lone user account
In an update regarding the incident published today, Clarksons finally revealed more details about the breach.
According to this document, Clarksons said it learned of the hack on November 7 last year, when it discovered that “an unauthorized third party accessed certain Clarksons’ computer systems in the UK, copied data, and demanded a ransom for its safe return.”
The company says it immediately started an investigation into the hack together with third-party forensic investigators and law enforcement.
The company said this investigation revealed that “the unauthorized third party had gained access to its system from May 31, 2017 until November 4, 2017.”
The point of entry was a lone user account, which the company said it disabled as soon as it discovered its role in the hack.
Company says it traced and recovered the stolen data
The company also claims that “through the investigation and legal measures” they were “able to successfully trace and recover the copy of the data that was illegally copied from its systems.”
This last statement is vague and could mean a lot of things. Bleeping Computer reached out with a series of questions to Clarksons earlier today.
The company denied there was any “hacking back” involved in recovering the stolen data, and added that they were “not in a position to provide any further information on the incident.”
Another theory as to what “trace and recover” through “investigation and legal measures” could mean is that the company was able to recover the data after law enforcement tracked down and arrested the hackers, although we could not confirm this has happened.
Nonetheless, between the moment hackers stole the data and the moment Clarksons recovered it, there’s an unaccounted period during which copies could have spread online and to other parties.
For this reason, Clarksons is now warning all of its customers about the breach and what the intruders got access to.
While the potentially affected personal information varies by individual, this data may include: date of birth, contact information, medical information, tax information, insurance information, Social Security number, CV / resume, driver’s license/vehicle information, bank account information, passport information, payment card information, ethnicity, digital signature, visa/travel information, financial information, criminal conviction information, login information, seafarer information, and address information.
The shipping firm is now notifying all customers whose data was taken by attackers and is also providing one year of identity protection services to affected parties.
Clarksons is the third shipping provider to have suffered a security breach in the past year after Maersk was hit by the NotPetya ransomware outbreak, and COSCO suffered a similar ransomware infection last week, which the company is still fighting to recover from.