Clarkson, one of the world’s largest providers of shipping services, informed the public on Tuesday that it has suffered a security breach and the hackers may release some data taken from its systems.
Clarkson provided only few details citing the ongoing law enforcement investigation, but the information it made public suggests that it was targeted by cybercriminals who tried to get the company to pay a ransom in order to avoid having its data leaked online.
The shipping giant said the attackers gained access to its systems using a single compromised user account, which has been disabled following the incident.
The company had been expecting the hackers to publish some data on Tuesday, but so far there haven’t been any reports of that happening.
“As a responsible global business, Clarksons has been working with the police in relation to this incident,” Clarkson said in a statement. “In addition, the data at issue is confidential and lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality in the information.”
Clarkson has started notifying affected customers and individuals. The organization claims it has been conducting a cybersecurity review of its systems and it plans on rolling out new IT security measures – in addition to the ones introduced in response to this security incident.
“As you would rightly expect, we’re working closely with specialist police teams and data security experts to do all we can to best understand the incident and what we can do to protect our clients now and in the future,” said Andi Case, CEO of Clarkson. “We hope that, in time, we can share the lessons learned with our clients to help stop them from becoming victims themselves. In the meantime, I hope our clients understand that we would not be held to ransom by criminals, and I would like to sincerely apologise for any concern this incident may have understandably raised.”
While Clarkson may have refused to pay the ransom demanded by the attackers, there are plenty of companies willing to pay up in order to avoid having to deal with a data breach becoming public knowledge.
Some studies have shown that 40% of businesses have paid the ransom demanded by hackers. Others studies said 70% accepted to pay, and half of them coughed up more than $10,000. One example is a Hollywood hospital that last year paid $17,000 to recover files encrypted by a piece of ransomware.
Some organizations attempt to negotiate with the attackers. HBO reportedly offered $250,000 to hackers who demanded millions of dollars, but the offer was not accepted. A South Korean web hosting provider also negotiated with cybercriminals, but still ended up paying $1 million after over 150 of its Linux servers were compromised.