Jun. 28, 2017

Impact of Petya Cybersecurity Attack on Businesses Shipping with Maersk

Ready to Get Started?

Flexport makes shipping your cargo transparent, reliable, and affordable

Yesterday, a ransomware attack hit a number of companies and government agencies in at least six countries. One of the companies affected was Maersk, the world’s largest ocean carrier. Maersk is one of many carriers we work with to move our clients’ ocean freight.

Naturally, this prompted questions about what kinds of data we share with freight carriers, and how we ensure the security of this data. After all, freight forwarding depends on third-party carriers by nature — so despite whatever security measures Flexport puts in place to safeguard our own data, our partners will always be susceptible to data breaches. To limit risks and protect our clients’ sensitive information, we don’t share any data with carriers or freight partners except what those parties need to know in order to move our shipments.

Specifically, we share only the following data with ocean carriers like Maersk:
- Transportation mode: (ocean or air)
- Notes (if applicable)
- Location: Port of loading
- Vessel and voyage information
- Short description of the cargo
- Container details (container size)

In other words: all financial information from purchase orders and commercial invoices, and other sensitive data, is stored only on Flexport’s servers, none of which were compromised in the Maersk breach.

It’s unlikely that Maersk was chosen as an explicit target. At least one computer at Maersk was running on an unpatched Windows computer that was affected by the ransomware (Petya), and the virus then spread to their local network. As they work to restore their networks, we’re notifying all Flexport clients with freight on Maersk ships, or whose freight is going through APM terminals (which are owned by Maersk and have also been affected by the cyber attack) — our data-driven approach makes it easy for us to figure out which shipments might be impacted and to keep a close eye on them.

Flexport isn’t vulnerable to Petya or to similar attacks for a few reasons: we don’t use Windows; we update our systems strictly and regularly; and we don’t have implicit trust between all of our servers.

We are, of course, still extremely vigilant about security. To validate and upgrade our data security, we’ve been using the vulnerability coordination platform HackerOne to run continuous penetration tests against our own systems.

In the interest of transparency, and to show how seriously we take data security, our engineering team has written a post mortem, including detailed descriptions of six vulnerabilities that we discovered and fixed through this process of continuously hacking ourselves. Today seems like a good time to share that post, as we reflect on the importance of locking down our customers’ valuable supply chain data.

Rest assured that we continue to invest in data security measures, including training our own teams in how to identify malware, phishing attacks, and more sophisticated social engineering attempts.

Read on: Six Vulnerabilities from a Year of HackerOne

Share the Article


Ready to Get Started?

Sign up for a Flexport account or ask to see our platform in action.

Sign Up for Freight Market Updates

Get weekly insights into all things freight, delivered right to your inbox.

I agree to the storing and processing of my personal data by Flexport as described in the Terms of Service and Privacy Policy.

Customs brokerage services are provided by Flexport’s wholly-owned subsidiary, Flexport Customs LLC, a licensed customs brokerage with a national permit. International ocean freight forwarding services are provided by Flexport International LLC, a licensed Ocean Transportation Intermediary FMC# 025219NF. U.S. trucking services are provided by Flexport International, LLC, a FMCSA licensed property broker USDOT #2594279 and MC #906604-B. Cargo insurance is underwritten by an authorized insurance company and offered by Flexport affiliates. Insurance coverage is not available in all jurisdictions. See http://flx.to/insurance-notice for more cargo insurance information and disclosures. All transactions are subject to Flexport’s standard terms and conditions, available at www.flexport.com/terms 沪ICP备16041494号

Copyright © 2021 Flexport Inc.

Terms of Use/Privacy Policy