UK shipping giant Clarksons admitted on Wednesday that it has suffered a data breach and warned that the hacker may soon start leaking the stolen information.
The 165-year-old shipping services organization employs nearly 2000 staff worldwide, with operations in 21 countries.
In a notice yesterday it said it had been the subject of a cyber-break-in:
“Our initial investigations have shown the unauthorized access was gained via a single and isolated user account which has now been disabled. We have also put in place additional security measures to best prevent a similar incident happening in the future. Clarksons would like to reassure clients and shareholders that this incident has not, and does not, affect its ability to do business.”
It claimed that the hacker may release some of the data, but gave no indication of the kind of information that was stolen, or how many records, saying only that it is “confidential” and that “lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality in the information.”
This lack of transparency may be harder to get away with when the GDPR comes into force, with firms required to give a detailed account to regulators within 72 hours of discovery of a breach.
Clarksons said it is working with police and data security experts to get to the bottom of the incident and has notified the regulators. It has also accelerated roll-out of IT security measures as part of a program that began earlier in the year.
Comments from CEO Andi Case within the statement suggest that the hackers have been trying to extort the company with the stolen data they now hold.
“We hope that, in time, we can share the lessons learned with our clients to help stop them from becoming victims themselves,” he said. “In the meantime, I hope our clients understand that we would not be held to ransom by criminals, and I would like to sincerely apologize for any concern this incident may have understandably raised.”