
Clarkson hack?
Was it just me that remembered Jezza's red-face moment a few years ago?
British shipping services firm Clarksons has revealed a high profile data breach last year stemmed from a hack on a “single and isolated user account”. Criminal hackers stole employee information from the shipping …
The data they refer to as stolen would only be held on an HR/payroll database, and only the HR administrators and reporting staff should have access. It's fairly easy these days to find the name of people doing particular jobs, whether through a browse of LinkedIn, or simply a telephone enquiry to the switchboard - work out the target's email address, then spear phish them. Given that multiple people usually have that access, the crims probably had multiple targets to try.
'Clarksons were then able to successfully trace and recover the copy of the data that was illegally copied from its systems.'
The only copy? Also recover the copy? In this instance I would agree that the data was stolen but to recover the copy is a bit of a stretch unless they copied it back to systems within their control then deleted the stolen version. If they deleted the stolen version by accessing someone else's computer system without their consent... meh I wish it was Friday.
I too am surprised at this statement particularly the word "recovered". Is it the thieves didn't make a backup copy? If they parked it somewhere on the internet such as AWS, are they certain that the data wasn't hacked by someone else? Once the data is in the wild, all bets are off, IMO.
The whole response publication is idiocy. One isolated account = they only used one account, the information was loose on the intranet and once you could log on to the VPN you could get any of it.
Immediately = After six months (May to November)
As above, the whole "stole the data", "got the copy back" lark.
I wouldn't trust them to float a boat, never mind run an IT system.
Oh wait...
edit: I see AB Hands made the same points! Sorry!
Even in the US if your info is hacked you'll typically be given a year of free credit reporting. If it is your employer that loses your info - which is generally a lot more info and a closer relationship than to a customer - they'll sometimes offer more.
Is it possible there's really a country with worse privacy protections than the US?
So much of this doesn't make sense. How did they locate the copy of the stolen data? And how can they be sure that was the only copy of it?
If it was an inside job and the data was exfiltrated to a single machine that was subsequently seized during a police raid then it would maybe make sense. Possibly. But even then you couldn't be sure it hadn't been uploaded to a hosting service or distributed to others.
And what's the point of taking out an injunction against the hackers? Their initial action was illegal, so I don't think they're going to be fazed by a civil action against them. That's like taking out an injunction to stop someone committing murder.
Also, don't you need to name the respondent in an injunction? If they knew who they were taking an injunction out against then why would they not just let the criminal case proceed?
So much iffy info released by the company.
Or maybe they just don't have a fucking clue how computers or criminals operate.
He added: "However, in this particular instance it appears they hit the jackpot account with their first try - or they have a good passive assessment so they knew which user account to target."
Insider information - the third option.
Can be anything from overhearing a casual remark to sending in a spy (cleaning staff, contractor sent to fix that overhead light etc etc) to sniff out prospective marks.
Never, ever underestimate the ingenuity and willingness of a ne'er-do-well...
I wonder if their HR database was accessed via Active Directory automated login?
A lot of places authenticate internal systems like this now.
Yes, it saves you typing more passwords but it also means once an attacker is in they are in.
Of course, since most users would just use the same password for both previously anyway.......