Customer data impacted by security incident

French shipping company CMA CGM has announced it has suffered a data breach

French shipping company CMA CGM has announced it has suffered a data breach.

The container transportation and maritime giant, based in Marseille, revealed in a security advisory that customers’ names, email addresses, phone numbers, and employment information have been leaked.

It has not yet been confirmed how many individuals were affected by the incident, but CMA CGM said that its operations were not affected.


Read more of the latest data breach news


The statement, published yesterday (September 20), reads:

We invite you to remain vigilant to any suspicious activity and to follow these best practices to keep your account secure:

“Do not share your account password or any personal information. CMA CGM will never ask them from you.

“Always check the authenticity of an email requesting you to log in to our platforms (especially if requested to reset your password), even if it seems to be sent by the CMA CGM Group.”

Ransomware attack

The announcement comes almost a year after the company was hit by a ransomware attack.

Services across several of the organization’s offices in China were impacted and its internal networks were shut down to contain the spread of malware.

CMA CGM was reported to have been the victim of the Rangor Locker ransomware gang, which also attacked several other global companies around the same time period.

While the organization has not confirmed that the two incidents are linked, Ragnar Locker threatened to publish stolen data earlier this month, as reported by Bleeping Computer.

The cybercrime gang warned its victims that any cooperation with professional negotiators, such as law enforcement, will be seen as a hostile act.

Bleeping Computer reported that a note purporting to be from Ragnar Locker read: “So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the police/FBI/investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised data immediately.”


YOU MAY ALSO LIKE US policy change states healthcare apps must follow data breach notification rules