Cyber Incident Victim: Port of Ostend
Date:
Feb 2025
Location:
Belgium
Summary
The Port of Ostend experienced a cyberattack targeting its Ensor port community system, which manages ship arrival and departure data including crew lists. No critical data was compromised in the breach, and the incident did not affect other operational systems or disrupt port activities. External experts are assisting with restoration efforts to resolve the issue promptly.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Port of Ostend experienced a cyberattack on the night of Monday, February 10, 2025, which was publicly disclosed by port authorities the following day. The attack specifically targeted the port's community system known as Ensor, a platform responsible for managing operational data related to vessel movements. This system contained records documenting ship arrivals and departures, including associated crew manifests used for port operations. Port officials confirmed the incident occurred outside regular business hours, though they did not specify the exact time of initial detection or the duration of unauthorized access. Technical teams from the port immediately initiated an investigation upon discovering the breach, focusing on isolating the compromised Ensor system to prevent potential spread to other infrastructure. External cybersecurity experts were engaged to assist with forensic analysis and system recovery efforts, forming a coordinated response unit. The port emphasized that no operational disruptions occurred to shipping activities or cargo handling during or after the incident, maintaining normal service levels throughout the event.
Authorities conducted a preliminary assessment confirming that the Ensor system did not contain classified as critical infrastructure data, though they did not elaborate on specific data categories excluded from this classification. No evidence suggested compromise of other port management systems beyond the Ensor platform, with network segmentation reportedly containing the attack's scope. Crew lists and vessel movement records within Ensor remained the only confirmed affected datasets, though investigators continued verifying whether attackers exfiltrated or altered any information. Restoration efforts prioritized bringing the Ensor system back online while maintaining operational continuity through alternative procedures. The port provided no timeline for full system recovery but confirmed ongoing work to implement security enhancements before reactivation. No threat actor attribution, attack vector details, or ransom demands were disclosed in the initial public statements regarding the incident.