International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. However, the company says no ransomware payloads or encryption was used in the attack.
On November 10, 2023, DP World Australia, which handles 40% of the country’s shipping container trade, was targeted by hackers who disrupted landside freight operations at five ports. The disruption left 30,137 containers stranded, and available storage spaces were filled to capacity.
In a statement from DP World Australia to BleepingComputer today, the company says that port operations resumed on November 13 and returned to normal status on November 17. The backlog of over thirty thousand containers was completely cleared by November 20, 2023.
Regarding the scope of the impact and the type of cyber attack, DP World has established that the security incident only affects its Australian business. At the same time, it did not find any signs of ransomware deployment on the breached systems.
“DP World Australia’s investigation has confirmed that the incident was confined to the Australian operations and did not impact any other markets where DP World operates,” DP World told BleepingComputer.
“It also confirmed that no ransomware was found or deployed within the DP World Australia network (no ransomware executables, no encrypted files, and no ransom demands).”
The damage, though, wasn’t limited to the operational disruption, as DR World’s investigation determined that data was stolen from its systems.
“Regrettably, DP World Australia can confirm that some of its files were accessed by the unauthorized third party and a small amount of data was exfiltrated from the DP World Australia network,” confirmed the spokesperson to BleepingComputer.
“While the investigation has shown that customer data was not affected, some of the impacted data includes the personal information of current and previous employees of DP World Australia.”
All impacted individuals will be notified to take the appropriate precautions, and they will also receive support from a team of specialists and service coverage to mitigate identity theft and fraud risks associated with the data exposure.
At this time it is unclear who is behind the attack, and no threat actors have claimed responsibility. Therefore, it could have been a data-theft attack or a ransomware attack that was shut down before encryptors were deployed.
The Australian Cyber Security Coordinator, the Australian Cyber Security Center, the Australian Federal Police, the Department of Home Affairs, and the Office of the Australian Information Commissioner have all been informed of the situation and are working closely with DP World to lessen the impact for those who had their data stolen.