Cyber attacks and data breaches in review: November 2021

In November 2021, we discovered 223,615,390 breached records from 81 publicly disclosed cyber security incidents.

As ever, you can find the full list of cyber attacks and data breaches on our sister site. Here, we take a closer look at some of the more notable stories affecting European organisations.

‘Technical glitch’ results in Brittany Ferries data breach

Brittany Ferries confirmed last month that up to 25,000 customers’ data may have been compromised in a data breach.

The French cruise liner said a technical glitch introduced after “routine” website maintenance had left customers’ accounts exposed.

It meant that anyone who knew the email address associated with a customer’s account could have accessed their name, postal address, telephone number, booking references for the past six months, passport number, date of birth and nationality.

Anne Laure Fabre, data protection officer at Brittany Ferries, said: “In spite of our cyber vigilance and rigorous security checks, I’m sorry to confirm your account’s protection settings were unintentionally changed between October 21st and November 2nd of this year.”

The organisation later confirmed that the breach occurred because a test procedure was omitted from the update process.

A spokesperson said: “A patch was quickly applied which resolved the issue on the same day. Procedures have now been updated to ensure appropriate password tests are carried out every time a website update takes place.”

They added that the reason Brittany Ferries had made the incident public was for “prudence and good practice”.

Meanwhile, the UK’s data protection regulator, the ICO (Information Commissioner’s Office), said it had yet to receive a notification.

Under the GDPR (General Data Protection Regulation), organisations are required to report data breaches within 72 hours of becoming aware of them unless the breach doesn’t pose a risk to people’s rights and freedoms.

Cyber attack hits multiple Greek shipping firms

Danaos Management Consultants was hit by ransomware last month, affecting several Greek shipping firms.

The IT consulting firm’s customer-facing systems were crippled by the attack, blocking its communication with ships, suppliers, agents, charters and supplies. Some correspondence between Danaos Management Consultants and the shipping firms was also lost.

The organisation sent instructions to its customers, asking them to back up critical files to external hard drives.

Danaos believes that fewer than 10% of its external customers had their files encrypted by the attack.

The organisation’s CEO, Dimitris Theodosiou, downplayed the potential long-term damage of the incident, saying: “A cyber-attack incident cannot spoil the image we have created for 36 years.”

Whether that’s true will depend on Danaos’ ability to mitigate and respond to the threat. Ransomware has been known to cause lingering problems for organisations, and the maritime sector is often considered among the weakest in its ability to deal with supply chain attacks.

Danish wind turbine supplier Vestas confirms ransomware

Vestas, the world’s largest supplier of wind turbines, announced last month that it had been struck by ransomware.

The incident first emerged on 19 November, with the organisation announcing that it had shut down several operational IT systems as a precaution following a “cybersecurity incident”.

Vestas said that customers, employees and other stakeholders may be affected, but didn’t specify the exact nature of the incident.

Following an internal investigation, the organisation confirmed that the disruption was caused by ransomware but said that its systems were back online.

There is no indication that the incident affected customer and supply chain operations, Vestas said.

“We have been through some tough days since we discovered the cyber incident, and Executive Management and the Board of Directors are thus very pleased that the incident didn’t impact wind turbine operations and almost all of our IT systems are running again,” the organisation’s president and CEO, Henrik Andersen, said.

“There is still a lot of work ahead of us and we must remain extremely diligent towards cyber threats. I would already now like to take this opportunity to thank our customers, employees and external partners for their understanding and extraordinary support in these challenging circumstances.”

Are you prepared for a cyber attack?

If you find yourself facing a cyber security disaster, IT Governance is here to help.

Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
