- The CMA CGM e-commerce sites are operational again after a cyberattack caused them to go offline for nearly two weeks, the carrier announced Sunday.
- The company said all main functionalities are operational: bookings, tracking, route finder, Myprices and invoices. The homepage shows an option to get a shipping schedule or track a shipment. It had provided instruction for alternative booking methods in the days following the attack.
- This attack, along with attacks on other ocean carriers, highlights the importance of cybersecurity, Lars Jensen, the head of consulting at Sea-Intelligence, said in a LinkedIn post. "No matter how good your defenses are, there is still a risk. It is imperative to have a solid contingency plan keeping you running potentially for weeks."
The reinstatement of the e-commerce site came just two days after the company's request for a 60-day filing exemption was posted by the Federal Maritime Commission.
The cyberattack resulted in an inability to publish tariff rates and rules, and slowed its service contract filing, the carrier said when asking the agency for the ability to retroactively apply service contract rates to shipments it receives for 60 days following Sept. 27.
"CMA CGM and ANL use a third-party publisher that is not impacted by the attack, but CMA CGM and ANL are unable to access quotes that have been given to customers in order to convert them into tariff line items for customers ready to book using those quotes," CMA CGM said in its letter to the FMC.
American President Lines, a CMA CGM subsidiary, has been unable to update its self-published tariff, rates or rules, it said.
On Sept. 30, CMA CGM said the cyberattack, which occurred two days earlier, resulted in a suspected data breach. The carrier told shippers to book through the INTTRA portal or go through the manual booking process while its systems were down.
The carrier said it was a malware attack, and some media reports said ransomware known as Ragnar Locker was responsible.
This attack is just one in a string of cyber-incidents to highlight the vulnerability of the ocean-shipping ecosystem. Large cyberattacks on MSC earlier this year, COSCO in 2018 and Maersk in 2017 show that carriers are in the crosshairs of bad actors. And with information constantly flowing between companies, it means the shippers moving inventory with the ocean carriers are also at risk.
Subodha Kumar, a professor of marketing and supply chain management at Temple University's Fox School of Business, suggested that shippers ask carriers about their plans for such an attack.
The International Maritime Organization, the international shipping regulator of the United Nations, was also hit by a cyberattack earlier this month.
"Ships are obliged to update their safety management plans to incorporate cyber risk management by 2021," an IMO spokesperson said following the attack.