[BreachExchange] UK shipping giant deals with data breach by the book, recovers stolen data

[Destry Winant]

https://securityboulevard.com/2018/07/uk-shipping-giant-deals-with-data-breach-by-the-book-recovers-stolen-data/

Strengthening the notion that a single vulnerable endpoint, or unwary
employee, can grant hackers safe passage into an organization’s entire
infrastructure, British shipping company Clarksons PLC this week
confirmed the discovery of a data breach that it suffered between May
and November of last year.

Clarksons put out a press release on July 30 to notify anyone
concerned that the firm “was the subject of a cyber security incident
in which an unauthorized third party accessed certain Clarksons’
computer systems in the UK, copied data, and demanded a ransom for its
safe return.”

As soon as the company caught wind of the incident, Clarksons launched
an investigation and took steps to respond to incident and mitigate
the risks. The steps it took, per the company’s notice, were
“notifying regulators, working with third party forensic
investigators, and informing law enforcement.”

Clarksons learned through the investigation that the attacker had
gained access to its systems sometime starting with May 31, 2017. The
bad actor reportedly had access to the personal data of an unspecified
number of individuals, from May through November of the same year. The
data, which the perpetrator copied and demanded ransom for its safe
return, included: date of birth, contact information, medical
information, tax information, insurance information, Social Security
number, CV / resume, driver’s license/vehicle information, bank
account information, passport information, payment card information,
ethnicity, digital signature, visa/travel information, financial
information, criminal conviction information, login information,
seafarer information, and address information.

“Clarksons learned that the unauthorized access was gained via a
single and isolated user account.  Upon discovering this access,
Clarksons immediately disabled this account,” the notice reads.
“Through the investigation and legal measures, Clarksons were then
able to successfully trace and recover the copy of the data that was
illegally copied from its systems.”

Clarksons is now notifying potentially affected individuals out of an
abundance of caution, according to the press release.

Immediately after learning of the breach, Clarksons enhanced its
security measures and is now providing potentially affected
individuals with information about this event and about the further
steps individuals may take to best protect their personal information.
The company is further offering potentially affected individuals
access to one year of identity protection services at no cost.