How to respond to a data breach

Next story
Olivia Storey

Clarksons, a UK based shipbroking company, suffers data breach and warns clients of a leak after refusing to pay ransom payments in cyber-attack.

Clarksons confessed to the data breach, stating that there had been unauthorised access to their systems via ‘a single and isolated user account, which has now been disabled’.

The finer details of the data breach are unknown, like when they were hacked, when the compromise was discovered, the amount of ransom demanded by the hackers, or the cybercriminals' identity.

As the company did not pay the ransom demand, there is a concern over a public data leak. CEO Andi Case confirmed that the company have lawyers on standby in the event of this, and are working with specialist police services to preserve confidentiality of the information stolen.

The company have released an official notice on the cyber security breach and are in the process of informing the potentially affected customers.

Data breaches have been rife over the past few years, with 2017 seeing some of the larges breaches in the history of the internet, including Equifax, Verizon, and Uber.

Mark James, ESET IT Security Specialist, discussed the Clarksons data breach, and how it was handled as a company.

“With little information it’s hard to speculate how or indeed what happened, but this is a clear example of the need to periodically check, not only the user accounts not currently being used, but more importantly their authority.

“The information given so far is that ‘hackers had managed to access the company's computer systems by compromising a single and isolated user account, which has since been disabled’ which would suggest this account did indeed have elevated privileges.

“It would then appear a ransom demand was sent to pay-up or suffer the consequences of releasing the stolen data.

“It would appear Clarkson’s have made the right choice here as paying the bad guys may have done no more than labelled them as ‘willing to pay’ for possible targeted attacks, and does not guarantee the safety or nondisclosure of the files.

Coming clean in a timely manner and working with authorities to mitigate the damages is always the best course of action.

“Data breaches sadly are a consequence of our digital existence, and the means of which we deal with them can make a huge difference to public perception and limit the aftermath.  

What do you think is more important: a company’s response to a breach or the fact a breach happened in the first place? Let us know on Twitter @ESETUK.

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.