DP World Australia has suffered a cyber attack during which hackers reportedly retrieved personal port employee data.
Earlier this month, on 11 November, The Independent reported that DP World Australia was responding to a cyberattack, which led to the operator temporarily closing its network.
This included the closure of its port operations in Melbourne, Sydney, Fremantle and Brisbane, resulting in containers and cargo being stuck on the docks, according to Reuters.
Two days later, on 13 November, The Guardian revealed that DP World Australia gradually began to resume its port operations.
As reported by The Guardian, Paul Zalai, the Director of the Freight and Trade Alliance, said: “Limited operations had resumed with DP World’s docks at Brisbane and Fremantle restarting the movement of imports and exports first. However, its docks in Sydney and Melbourne were only dealing with imports on 13 November.”
Zalai also revealed that one exporter allegedly had 300 containers stuck at one of the Australian ports.
On 28 November, DP World Australia revealed that personal employee data was compromised during the cyberattack, which could potentially leave staff vulnerable.
“The forensic investigation has identified that data was accessed and exfiltrated (removed) from our network. We are currently reviewing the impacted data as a priority, but this is a process that may take some time,” DP World said in a statement.
The EVP of DP World Australia, Nicolaj Noes, informed Australian Broadcasting Corporation (ABC) that: “For some of our colleagues, it was their telephone numbers; for some, it was their address; and then for a very few people, there was a little bit more, a copy of a driver’s licence, etc.”
DP World further disclosed that it is working with the Australian Signals Directorate/Australian Cyber Security Centre, the National Cyber Security Coordinator, the Minister for Home Affairs and Cyber Security, the Minister for Infrastructure, Transport, and Regional Development, and the Australian Federal Police to conduct this investigation.
The terminal operator continued: “The investigation into the cyber incident is ongoing. We are working closely with our cybersecurity advisers and reviewing the impacted data as a matter of priority.”
As of 30 November, no perpetrators have been identified.