Cyber Incident Victim: DP World
Date:
Nov 2023
Location:
Australia
Summary
A cybersecurity breach at DP World disrupted operations at major Australian ports, including Brisbane, leading to multi-day closures affecting national import and export activities. The Australian Federal Police launched an investigation while government agencies activated crisis protocols, restricting landside access to contain the incident though ship movements remained operational. Technical assistance was provided by national cybersecurity authorities, with ongoing coordination to address supply chain impacts from the prolonged disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 10, 2023, DP World Australia detected a cybersecurity incident affecting its container terminal operations in Sydney, Melbourne, Brisbane, and Fremantle. The company immediately restricted landside access to its Australian port facilities that evening, suspending truck movements in and out of affected terminals while maintaining limited ship loading/unloading operations via cranes. The Australian Federal Police launched an investigation into the breach, while DP World initiated internal probes to assess system and data impacts. By November 11, the Australian Government activated the National Coordination Mechanism—a crisis management framework previously employed during COVID-19 and Medibank’s 2022 data breach—to coordinate federal, state, and industry responses. Home Affairs Minister Clare O’Neil confirmed regular government briefings with DP World to evaluate operational consequences, as National Cyber Security Coordinator Darren Goldiem warned the disruption would persist multiple days, significantly impacting national goods movement.
The incident caused immediate supply chain disruptions, with DP World’s terminals handling approximately 40% of Australia’s containerized trade. While Fremantle Ports clarified that only DP World’s landside truck operations were impaired—with Patrick terminals and ship movements unaffected—the nationwide closure restricted critical import/export flows. Technical assistance from the Australian Signals Directorate’s Cyber Security Centre complemented DP World’s containment efforts, which focused on safeguarding employee and customer data through access restrictions. The National Coordination Mechanism convened its first meeting on November 11 and scheduled follow-up discussions for November 12, reflecting the incident’s classification as a multi-jurisdictional priority. Historical precedents showed the Mechanism’s utility in managing non-health crises, including natural disasters and prior cyberattacks, though DP World’s investigation remained ongoing with no public attribution or resolution timeline confirmed.