Container giant MSC has announced that its IT systems are fully operational once more after a cyber-attack caused the company to take its website and myMSC service offline over the course of the Easter weekend.
MSC tweeted on April 10 that it had suffered a network outage at one of its data centres in Geneva, causing the company to shut down the servers at its headquarters as a safety measure. The issue was contained to those specific servers only, the company notes, which were taken offline as a precaution to limit access while an investigation into the details of the incident was carried out, assisted by external experts.
Services resumed in the early hours of April 15, since which time all of the container line’s online booking channels have been operating as normal.
“We resolved this quickly, but we intentionally did not rush things,” MSC said, in a statement.
“It was very important to us to ensure that we had a validated solution in place and to cover off all necessary checks and testing before making the website live again and that this would not pose any risk, even if unlikely, to any of our customers or partners.”
“In addition, this happened during the middle of the global COVID-19 crisis with many of us working from home and it took a bit of time to sort things out.”
The company has now confirmed that the outage was the result of a malware attack based on an engineered targeted vulnerability, but was confined to a limited number of physical computer systems in Geneva only.
“We have shared, as per industry standards, the malware with our technology partners so that mitigations could be made available, not only to us,” MSC said.
“We will not be commenting further in detail on this point, as this would be counter-productive from a security perspective. If in due time we feel that there are any important lessons or best practices to learn, we will share information via the appropriate industry forum or directly with other companies.”
The boxship operator does not believe that any data has been lost or compromised following the incident, and it has already been in direct communication with customers to assure them that the outage posed no threat to those engaging with MSC via email or EDI (Electronic Data Interchange) connections.
“After carefully attending to the incident, our team of technology experts waited until they were satisfied that we could ensure all our proprietary systems could be up and running again safely and reliably,” the company said.
“While we consider this incident to be resolved, we are not complacent and we remain focused and cautious in our approach to information technology. MSC remains committed to minimising the risk of systems failure and protecting our business from cyber-security threats.”
Editor’s Note – this article was updated at 20.00 on April 15 to include new information from MSC confirming the nature of the systems outage