Transnet Port Terminals (TPT) has declared a force majeure following a “cyber-attack, security intrusion and sabotage” on Transnet.
On 22 July 2021, Transnet confirmed it was experiencing a disruption in some of its IT applications. It added that the source of the disruption was identified.
The company would not say it was a victim of a cyber-attack, but many Transnet stakeholders confirmed the attack.
Transnet employees were asked to shut down their laptops, desktops, and tablets connected to the company’s domain. They were also warned not to access emails on their smartphones until further notice.
“Transnet systems have been hacked and compromised. Please disconnect from the Transnet network immediately until advised otherwise,” a follow-on message stated.
The security breach impacted remote access via APN/VPN and direct access to the system via the office LAN.
Transnet’s Engineering division in Pretoria confirmed all their systems were offline, and everyone who wasn’t working from home had left the offices.
Information shared by industry players showed that Transnet’s websites, IT and NAVIS systems were impacted by the security breach.
Jayson O’Reilly, the head of Atvance Intellect’s cybersecurity division, warned that unless Transnet was adequately prepared for a cyberattack, it could take weeks or months to recover its systems.
He noted that the attack on Virgin Active in May 2021 caused severe disruptions, and it took six to eight weeks to fully recover.
On Tuesday morning, the Transnet and Transnet Port Terminals websites were still down.
The Daily Maverick reported that the movement in and out of South Africa’s ports remains at a near standstill and that many employees were forced to stop working.
There is also the risk that most of Transnet’s 55,000 employees will not be paid salaries due today, it said.
Transnet emailed staff on Monday, informing them of an “unprecedented attack” that disrupted operations. It asked all non-operational employees to take leave from Monday to Thursday.
MyBroadband tried to contact the National Ports Authority, Port Terminals, Freight Rail, and Pipelines but could not reach anybody for comment.
Transnet Port Terminals (TPT) has now declared a force majeure. This is a common clause on contracts that frees all parties from liability when an extraordinary event occurs.
TPT said the force majeure event occurred on 22 July 2021 and continues to persist when Transnet, including TPT, experienced an act of cyber-attack, security intrusion, and sabotage.
This attack “resulted in the disruption of TPT normal processes and functions or the destruction or damage of equipment or information”.
“Investigators are currently determining the exact source of the cause of compromise and extent of the ICT data security breach/sabotage,” TPT said.
It said it had put mitigation measures in place to ensure operations at the container terminals are still running, albeit slower than expected.
One such measure is to ensure that a manual system has been put into place to load and discharge containers.
“Further, in the event that any damage occurs during operations, customers will be notified using a manual process which will be confirmed via email as soon as TPT systems are up and running again,” it said.