Cyber Incident Victim: CMA CGM
Date:
Sep 2021
Location:
France
Summary
CMA CGM experienced a cybersecurity incident involving unauthorized access to customer data, including names, employer details, job positions, email addresses, and phone numbers, detected during API surveillance. The company's IT teams promptly deployed security patches and advised customers to remain vigilant against suspicious communications, emphasizing that legitimate requests would not solicit passwords or personal information. This breach followed a prior cyberattack against the same entity approximately one year earlier.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 20, 2021, French container shipping company CMA CGM disclosed a cybersecurity incident involving unauthorized access to customer data, marking its second significant breach in under a year. The breach was detected during routine surveillance operations monitoring the company’s application programming interfaces (APIs), which revealed a leak of limited customer information. Exposed data included individuals’ first and last names, employer names, professional positions, email addresses, and phone numbers. CMA CGM did not specify the exact timeframe of unauthorized access or the number of affected individuals but characterized the incident as a data leak rather than a full-scale system compromise. The company issued a customer notification on its website the same day, confirming the incident’s discovery and the nature of the compromised data. This breach occurred approximately eleven months after a previous cybersecurity incident in late 2020, though details of the prior event were not reiterated in the 2021 disclosure. No operational disruptions to shipping services or additional compromised data categories were reported in connection with the September 2021 incident.
CMA CGM’s IT teams responded by immediately developing and deploying security patches to address the API vulnerabilities exploited in the attack. The company’s notification emphasized proactive measures taken to contain the breach and secure systems, though it did not disclose technical specifics about the attack vector or threat actor. Customers were advised to remain vigilant against potential phishing attempts or suspicious communications leveraging the stolen data. The guidance included recommendations to avoid sharing account credentials, scrutinize emails requesting password resets, and verify the authenticity of any correspondence purportedly from CMA CGM. Affected parties were directed to contact a dedicated email address ([email protected]) for inquiries but were not offered credit monitoring or identity theft protection services in the published notice. The breach’s impact appeared confined to non-financial customer information, with no mention of compromised payment details, cargo operations interference, or regulatory penalties in the immediate disclosure.