After two weeks of struggling to overcome the effects of a cyber-attack on its systems, shipping giant CMA CGM Group announced that it has finally been able to restore operations on its e-commerce sites and resume all bookings online. Customers had been struggling and frustrated by the outage, demonstrated by a filing the group made to the U.S. Federal Maritime Commission.
CMA CGM was hit by the attack on September 27 and initially said it had been limited to peripheral servers. They later said they had taken parts of the system down to prevent the spread of the malware while providing other booking tools to customers.
“The CMA CGM group’s e-commerce sites are once again live, with all their main functionalities up and running (bookings, tracking, route finder, Myprices, invoices, etc),” said the statement sent out to on October 11. “Applications and essential functionalities are now operational and secured to offer CMA CGM Group customers the level of service to which they are accustomed.”
While the systems have been restored, on October 8, CMA CGM filed with the FMC seeking a temporary exemption from standard tariff and service contract filing requirements. Saying that it was seeking to service its customers, CMA CGM’s filing requests, “retroactive application of tariff publications and service contract filings impacted by the recent cyber-attack against the CMA Group, for a period of up to 60 days following the cyber-attack.” They say that systems were currently unable to facilitate tariff publication including tariff rates, charges and rules for both original service contracts and amendments.
The CMA Group says in the filing that it will not use this flexibility to apply increased tariff rates or charges to customers absent an alternate form of written 30-day notice, but instead it will permit them to apply service rates agreed with customers before filing or publication can be accomplished. They say by granting the application the FMC will ensure that customers are not paying higher tariff rates due to the CMA Group’s inability to conduct timely service contract filings or tariff publications.
CMA Group requested flexibility to retroactively apply tariff rates, charges and rules communicated to its customers but for which its systems were currently unable. They cited as examples American President Lines’ inability to publish changes between October 1 and November 1 with new rates and to amendments to existing rules. CMA CGM and ANL while using a third-party system that was not directly impacted by the cyber-attack was unable to access quotes that have been given to customers in order to convert them into tariff line items for customers ready to book using those quotes.
CMA CGM declined to offer more details into the scope of the attack only to say that they were happy to have their systems restored and be able to provide full service to customers.