DP World Australia, part of Dubai's global ports operator DP World, is making “significant progress” on restoring landside freight operations at its ports following a cyber security incident on Friday.
The company has activated a business continuity plan to ensure the flow of some freight, it said on Sunday.
“DP World Australia teams are testing key systems crucial for the resumption of normal operations and regular freight movement,” the company said.
“A key line of inquiry in this ongoing investigation is the nature of the data access and data theft … DP World Australia is working hard to assess whether any personal information has been impacted and has taken proactive steps to engage the Office of the Australian Information Commissioner.”
On Saturday, DP World Australia said it had restricted access to its ports as it worked to contain the cyber security incident that is likely to disrupt the movement of goods for days.
The company operates four container terminals in Australia: Melbourne, Sydney, Brisbane and the port city of Fremantle in Western Australia.
Dubai-based DP World employs more than 7,000 people in the Asia-Pacific region and has ports and terminals in 18 locations.
The cyber incident “is serious and ongoing”, Clare O’Neil, Australia’s Minister for Home Affairs and Minister for Cyber Security, said on Sunday.
“DP World manages almost 40 per cent of the goods flowing in and out of our country, and this incident is affecting the ports of Melbourne, Fremantle, Botany and Brisbane,” she said in a post on X, formerly known as Twitter.
Representatives of Australia's National Co-ordination Mechanism will meet on Sunday afternoon, bringing together the relevant states and territories, logistics companies, other ports operators and relevant Commonwealth agencies, she said.
“Managing cyber incidents of this kind is incredibly complex,” Ms O'Neil said.
The Australian government is continuing to work with DP World Australia to resolve “a nationally significant cyber incident” that has affected operations at several ports around the country, national cyber security co-ordinator Air Marshal Darren Goldie said.
“DP World today advised the Australian government that the time frame for interruptions to continue is likely to be a number of days, rather than weeks,” he said.
The company's IT system remains disconnected from the internet, “significantly impacting their operations,” but despite the interruption, “they are able to access sensitive freight at the ports if necessary, for example, in a medical emergency”, he said.
“While I understand there is interest in determining who may be responsible for the cyber incident, our primary focus at this time remains on resolving the incident and supporting DP World to restore their operations,” he said in a post on X.
The Australian Federal Police is also continuing to investigate the incident, he added.
DP World is working with partners, including other ports and terminal operators as well as cyber security experts, and is making “significant strides” in addressing the cyber security incident, it said.
Cyber attacks continue to become more sophisticated, particularly as hackers focus on unsuspecting users who adopt technology at a rapid pace. Such attacks can cause financial and reputational damage.
In particular, ransomware – a type of malicious software that takes over a system and demands payment for it to be restored – continues to grow, compared with 10 years ago, cyber security services company Group-IB previously said.
More than 72 per cent of businesses globally have been affected by ransomware attacks as of 2023, has grown steadily over the past six years, data from Statista shows.