UK-based shipping services provider Clarkson Plc (Clarksons) has told customers that an unauthorized third party accessed some of its computer systems in the UK last year from May 31st to November 4th 2017. Access was gained from a single and isolated user account. The third party then copied data and demanded a ransom for its safe return.
Clarksons said that potential user information compromised could include dates of birth, addresses, bank account information and passport information, contact information, criminal conviction information, ethnicity, medical information, religion, login information, signature, tax information, insurance information, informal reference, national insurance number, social security number, visa/travel information, CV / resume, driver’s licence/vehicle identification information, seafarer information, financial information, address information and/or information concerning minors.
Clarksons did not say how many individuals were affected, but said that, through investigation and legal measures, it was able to trace and recover copies of the data.
The company said that it took issues of IT security “extremely seriously” and that it was working to provide potentially affected individuals with information and access to resources so that they may take steps to best protect their personal information.
Clarksons learned of the breach on November 7th last year. It said that as soon as the incident was discovered it took steps to respond to and manage the incident, including launching an immediate investigation into the nature and scope of the event, notifying regulators, working with third party forensic investigators, and informing law enforcement.
The forensic investigation revealed that the unauthorized third party had gained access to the Clarksons system from May 31st 2017 until November 4th 2017, and that this was via a single and isolated user account, which Clarksons immediately disabled.
The potentially affected personal information varied by individual.
https://www.clarksons.com/media/1142671/update_on_2017_data_breach____regulatory_notice.pdf