CMA CGM hit by fresh cyber attack; customer info leaked

Shipping giant CMA CGM has been hit by a fresh cyber attack - roughly a year after it faced the same fate. In an update sent to customers, CMA CGM warned that “limited customer information" had been leaked during the most-recent cyber attack.

You can read this article in 2 minutes

According to Shipping Watch, the message that CMA CGM sent out to its customers reads as follows:

We wish to inform you that a leak of data on limited customer information (first and last names, employer, position, email address and phone number) has been detected during our surveillance operations on the Group’s APIs [application programming interfaces, -ed]

Last year’s cyber attack on CMA CGM occured on September 28th. As a result of the attack, bookings had to be made via 3rd party platforms and some important CMA CGM features were unavailable online. The issue was not fully remedied until almost 2 weeks later.

Commenting on last year’s cyber attack on LinkedIn, shipping expert Lars Jensen encouraged organisations to make improvements to their security:

All should heed two key pieces of advice:
– Strengthen your defenses. This will reduce the likelihood of a successful attack and limit the damage when hit.
– No matter how good your defenses are, there is still a risk. It is imperative to have a solid contingency plan keeping you running potentially for weeks.

To illustrate his point, Jensen also described the situation as being like a fire on a ship:

It is no different than a fire on a vessel. Reduce the risk of the fire happening at all. If a fire breaks out, ensure the design of the vessel hinders the spread. Have a fire-fighting plan that is clear and well-rehearsed. 

Unfortunately for CMA CGM, whatever measures (if any) were implemented following last years incident have not managed to prevent another cyber attack occurring.