This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

DP World Australia

Summary

DP World Australia, a major port operator managing approximately 40% of goods entering and leaving Australia, detected unauthorised activity on its network on 10 November 2023. The company disconnected its network from the internet to contain the incident, forcing the closure of terminals in Sydney, Melbourne, Brisbane, and Fremantle for approximately one week. Whilst customer data was not affected, some employee personal information was accessed.

What Happened

On Friday, 10 November 2023, DP World Australia detected unauthorised activity on its network. To contain the incident and prevent further compromise, the company made the immediate decision to disconnect the network from the internet. This defensive action successfully contained the breach but had the side effect of shutting down land-side port operations at four of Australia's largest ports.

The investigation confirmed that no ransomware was deployed within the DP World Australia network—there were no ransomware executables, no encrypted files, and no ransom demands. However, a small amount of data was exfiltrated from the network. Cyber security analysts suggested that DP World may have been affected by the Citrix Bleed vulnerability, after researchers identified several public-facing devices on DP World's network that were vulnerable to this known security flaw.

Impact on Individuals

Customer data was not affected by the breach. However, some personal information of current and former employees of DP World Australia was accessed during the incident. The organisation contacted affected employees directly to inform them of the breach and provide guidance.

Organisational Response

DP World Australia worked closely with the Australian Cyber Security Centre, the Australian Federal Police, and the National Cyber Security Coordinator throughout the incident response. On 13 November, the company gradually began to resume port operations.

The shutdown created a backlog of approximately 30,000 containers at the four ports. Containers could still be unloaded from ships, but trucks were unable to leave the port facilities due to the IT shutdown. By 20 November, some seven days after port operations recommenced and 10 days after first detecting the incident, DP World Australia had cleared 100% of the backlog.

The incident highlighted the critical importance of port operations to Australia's supply chain, as DP World manages nearly 70 million containers annually.

Verification Source: View original statement