London-based shipbroking firm Clarksons suffered a data breach and refused to pay a ransom to the attackers.
“Our initial investigations have shown the unauthorized access was gained via a single and isolated user account which has now been disabled,” the company said in a statement. “The person or persons behind the incident may release some data.”
The company said they will be contacting clients and individuals in the coming days.
“Issues of cybersecurity are at the forefront of many business agendas in today’s digital and commercial landscape and, despite our extensive efforts we have suffered this criminal attack,” said Andi Case, Clarksons chief executive.
The company did not disclose any further information about the incident as the investigation is still ongoing, so it’s currently unknown what the compromise consisted of.
“As you would rightly expect, we’re working closely with specialist police teams and data security experts to do all we can to best understand the incident and what we can do to protect our clients now and in the future. We hope that, in time, we can share the lessons learned with our clients to help stop them from becoming victims themselves,” Case said in a post.
“In the meantime, I hope our clients understand that we would not be held to ransom by criminals, and I would like to sincerely apologize for any concern this incident may have understandably raised,” he said.
Since the discovery of the incident, the company has put in place additional security measures to prevent future similar accidents.
“The company is continuing with a wider review of cyber security that began earlier this year and is, for example, accelerating the roll-out of various additional IT security measures,” the company said in a release.