Clarksons provides services to the global shipping industry.
Global shipping firm Clarksons has warned that confidential data stolen as a result of a ‘cyber security incident’ could be made public following the company’s refusal to pay a ransom to hackers.
In statement, the shipbroker – one of the largest in its sector – said that it had fallen victim to a “criminal attack” in which attackers gained unauthorised access to the company’s computer systems via the use of a “single and isolated user account” which Clarksons has since disabled.
Clarksons – which has 49 offices in 21 countries – hasn’t disclosed what information has potentially been stolen by hackers, only that the data in question is “confidential”. While the company hasn’t disclosed when the breach took place or when it was discovered, it says it look took “immediate steps to respond to and manage the incident”.
A Clarksons spokesperson told ZDNet that due to the ongoing investigation into the incident, it’d be inappropriate to make any further comment about what happened at this time.
However, the company has issued a warning that the data might be at risk of being made public because those behind the attack have now threatened to release it after the shipbroker refused to pay them a ransom.
“Today, the person or persons behind the incident may release some data. As a responsible global business, Clarksons has been working with the police in relation to this incident. In addition, the data at issue is confidential and lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality in the information,” the company said.
“I hope our clients understand that we would not be held to ransom by criminals, and I would like to sincerely apologise for any concern this incident may have understandably raised.” said Andi Case, CEO of Clarksons.
The company is in the process of directly contacting potentially affected clients and individuals, as well as working with the police and security experts in response to the attack. The company also says it has contacted the relevant regulatory bodies about the incident.
See also: What is GDPR? Everything you need to know about the new general data protection regulations
“Issues of cybersecurity are at the forefront of many business agendas in today’s digital and commercial landscape and, despite our extensive efforts we have suffered this criminal attack,” said Case.
“As you would rightly expect, we’re working closely with specialist police teams and data security experts to do all we can to best understand the incident and what we can do to protect our clients now and in the future.
“We hope that, in time, we can share the lessons learned with our clients to help stop them from becoming victims themselves,” Case added.
READ MORE ON CYBER CRIME2017’s biggest hacks, leaks, and data breaches — so far8 steps to take within 48 hours of a data breach [TechRepublic]New NSA leak exposes Red Disk, the Army’s failed intelligence systemUber data breach ‘raises huge concerns’ for UK watchdog [CNET]Bad passwords and weak security are making ships an easy target for hackers