DP World Australia confirms employee data was stolen during cyber attack, warns of further freight d
The boss of Australia's largest ports operator has confirmed data from current and former DP World employees was stolen during a cyber attack that shut down its operations around the country earlier this month.
DP World Australia stopped its operations at its ports in Melbourne, Sydney, Brisbane and Fremantle on November 10 in response to a cyber attack, resulting in significant delays of goods coming in and out of the country.
The company is responsible for 40 per cent of Australia's maritime freight, and the outage resulted in a backlog of 30,137 shipping containers stacked up at its depots around the country.
Operations at DP World Australia resumed on the morning of November 13, and the company cleared outstanding containers seven days later on November 20, however, the company had still not disclosed how the attacks had infiltrated its systems.
In an interview with The Business on Tuesday, DP World Australia's executive vice president Nicolaj Noes confirmed that the personal data of some current and former employees was compromised.
"For some of our colleagues, it was their telephone numbers, for some it was their address," he told The Business.
"And then for a very few amount of people, there was a little bit more, a copy of a drivers licence, etc.
"The good news is that it's a very small part of our community that has been impacted, and those affected we're working with now on an individual basis."
Mr Noes said DP World was providing additional resources through external providers to support affected employees.
Investigations into the attack showed data from DP World Australia's customers was not compromised during the incident, he said.
DP World Australia boss Nicolaj Noes says the company is supporting employees affected by the cyber attack.(Supplied: DP World Australia)
Identity of hackers remains under investigation
Despite speculation that Russian cyber criminals were responsible for the attack that crippled the ports operator, Mr Noes said authorities were still investigating to determine the culprit.
"I wish I knew [who was responsible] … but I think this is one of those areas where we shouldn't be speculating," he told The Business.
Multiple cybersecurity analysts had previously told the ABC that DP World Australia had failed to fix a critical IT vulnerability known as CitrixBleed, which was the most likely route into the company's systems, despite an update being available for more than a month.
Mr Noes did not directly answer the question when asked if the company was vulnerable to a cyber attack because it had failed to property update its systems, but conceded he would have "done some things differently" in hindsight.
"It is a complex scenario to protect yourself, it is something that you, ongoing, will do," he told The Business.
"But if you asked me, if I could go back in time a month and say, 'would you have done some things differently?' I probably would have."
DP World Australia has not received a ransom demand from the group responsible for the hack to date, Mr Noes added.
The incident remains under investigation by the Department of Home Affairs, and Mr Noes said the company has been working closely with a number of government agencies, including the Australian Cyber Security Centre and the Australian Federal Police.
Operations at DP World's terminal in Port Melbourne ground to a halt after the cyber attack on November 10.(ABC News: Patrick Rocca)
Strike action could cause Christmas port pain
Although DP World has cleared the thousands of shipping containers that piled up after its cyber attack, Mr Noes warned that future freight delays are likely as the company works to avert a planned 48-hour work stoppage by employees next week.
Workers at all four of DP World's terminals have been involved in protected industrial action over pay and rosters under DP World's proposed enterprise bargaining agreement — and was planned before the cyber attack hit the company.
The industrial action began the week after DP World's operations resumed following the cyber attack, with the Maritime Union of Australia attributing the strike to negotiations with the company breaking down.
Union members at DP World ports around the country have engaged in various work stoppages and bans since mid-November, including two-hour stoppages occurring three times a day at its sites in Melbourne, Brisbane and Fremantle.
DP World Australia is responsible for 40 per cent of the country's maritime freight.(AAP: Dan Himbrechts)
DP World and the Maritime Union have yet to reach an agreement that would bring an end to the industrial action, but Mr Noes said the longer the dispute ran, the longer the delays would be for the nation's freight.
"[The action] does have a snowball effect … even if you have a strike on one day, it doesn't mean that everything just gets one day later, so we are unfortunately looking at continued delays and probably expanded delays," he told The Business.
"It's very difficult to predict … but if we're today looking at delays of seven to 10 days, we can easily get into double that."
He added that the planned industrial action would result in major supply shocks to the national supply chain.
The Maritime Union has disputed those claims, saying the cyber attacks had a greater impact on port activity, and has criticised the company for refusing to negotiate.
But Mr Noes said it is likely that there will be some delays to freight arriving in time for Christmas as a result of the ongoing dispute.
"There is a delay of cargo and there will unfortunately be people in the community out there, sitting and waiting for that particular box, for that particular container, that they need to get access to before Christmas that we unfortunately cannot guarantee them that they will," he said.
Representatives from DP World Australia and the Maritime Union are scheduled to meet with representatives from the Fair Work Commission in early December.