Publicly disclosed information for this event

Index Number:

Title:

2021_053

Commercial data leak.

Day	Month	Year	Country	Activity	Incident Type
19	September	2021	France	Shipowner	Data leak

Summary

The victim experienced a cyberattack under a year following a previous ransomware incident. According to sources, the shipping company suffered a data leak involving customer information, such as names, employers, positions, email addresses, and phone numbers. In response, its IT teams immediately developed and installed security patches.

The company had advised clients to be vigilant about their account security and to validate the authenticity of emails related to account access, hinting at the potential phishing origins of the attack.

No stoppage of client operations was reported.

Victim

CMA-CGM

Claimed/Reported Threat Actor

N/A

Origin

Cybercrime

Main impact

Confidentiality

References

Recommendations to Shipowner to reduce Data leak risks:

Ensure data encryption measures are in place to protect sensitive information.
Implement access controls to limit data access to authorized personnel only.
Regularly audit and monitor data access and transmission for potential leaks, for instance via Security Operation Center services.
Check and test all communication and customers and third parties-focused plans.

Previous Next

Disclaimer: the data are provided as is. France Cyber Maritime and the M-CERT take no responsibility for the soundness, quality, precision, nor the eventual attribution made by the referenced URLs. We give a lot of respect and support to the victims of attacks.

Files generated on Monday, 11th December 2023.
ADMIRAL is licensed under the Creative Commons