MSC Mediterranean Shipping Company confirms that a recent network outage at the company's headquarters in Geneva has now been resolved and all internal systems are fully functional. All MSC booking options and the website msc.com are available again.
The incident was confined to MSC’s headquarters in Geneva only and affected the availability of some of MSC’s digital tools and msc.com for a few days during the Easter holiday long weekend. MSC agencies remained fully functional and continued serving customers as usual during this time.
While MSC considers this incident to be resolved, we remain focused and cautious in our approach to information technology and committed to minimising the risk of systems outages. We thank all our customers for their patience and support while we worked hard to make all systems available again as soon as this was possible.
Q: Why was MSC’s website down for a few days in April?
A: In mid-April, MSC experienced an outage at our data centres in our headquarters in Geneva, Switzerland. This affected the availability of some of our digital tools and our website msc.com for a few days during the Easter holiday long weekend, as we took precautionary measures to limit access while we were investigating the details of the incident and ensuring the integrity of our systems.
Our agencies remained fully functional and continued serving customers as usual during this time. The website was back up and running by the early hours of 15 April and since then all our usual online booking channels have been open as usual. We resolved this quickly, but we intentionally did not rush things. It was very important to us to ensure that we had a validated solution in place and to cover off all necessary checks and testing before making the website live again and that this would not pose any risk, even if unlikely, to any of our customers or partners. In addition, this happened during the middle of the global COVID-19 crisis with many of us working from home and it took a bit of time to sort things out.
We would like to thank everybody who faced an inconvenience for their patience and understanding.
Q: How can I place a booking or track a shipment with MSC?
A: Every usual option is available. One result of the outage was that myMSC (our official proprietary e-business solution) was down over the Easter long weekend. That platform is up and running again, so customers may go to myMSC.com (or use the myMSC app) and request a booking.
Customers can also continue to place bookings with MSC through third-party online platforms such as INTTRA, GT Nexus and CargoSmart, as well as directly through usual MSC representatives using more traditional methods such as telephone and email. The track and trace function on msc.com is available to anybody wishing to search for a specific shipment, as are our web services and APIs (Application Programming Interfaces).
Q: Is it safe to do business with MSC? Can I share data and open emails from MSC?
A: Yes. MSC adopts all necessary security protocols in all our communications and the April IT outage incident posed no threat to parties engaging with MSC, via email or EDI (Electronic Data Interchange) connections. We also communicated this at an early stage directly to our customers.
Q: Was any data lost or compromised as a result of this incident?
A: After a thorough investigation, we are not aware at this time of any lost or compromised data as a result of this incident. We will remain in touch with individual customers and partners to discuss or address any specific concerns, should a need ever arise, as we fully appreciate the importance of data protection.
Q: Is the incident now resolved?
A: Yes, our internal systems are fully functional and systems such as msc.com are back up and running. The incident was confined to our headquarters in Geneva only, so for most parts of our business it had a limited impact. After carefully attending to the incident, our team of technology experts waited until they were satisfied that we could ensure all our proprietary systems could be up and running again safely and reliably. While we consider this incident to be resolved, we are not complacent and we remain focused and cautious in our approach to information technology. MSC remains committed to minimising the risk of systems failure and protecting our business from cyber-security threats.
Q: When do you expect a full recovery?
A: Most of the impact of this incident was over by the end of the Easter holiday weekend. For our employees, customers and partners things should be back to normal and we have continued to receive bookings for cargo shipments through usual online and traditional channels as well as alternative channels put in place during this brief outage.
Q: What exactly happened? Was it a cyber-attack?
A: As the incident was being thoroughly investigated by our security and IT teams, assisted by external experts and taking also in consideration we were during the Easter holiday long weekend, we actively decided as a precaution to take our headquarters computer systems offline in order to ensure their integrity. After a thorough investigation, we confirmed that it was confined to a limited number of physical computer systems in Geneva only and we determined that it was a malware attack based on an engineered targeted vulnerability. We have shared as per industry standards the malware with our technology partners so that mitigations could be made available not only to us. We will not be commenting further in detail on this point, as this would be counter-productive from a security perspective. If in due time we feel that there are any important lessons or best practices to learn, we will share information via the appropriate industry forum or directly with other companies.
During the network outage, MSC’s global agencies and our people around the world continued to serve customers as usual in most cases. All MSC departments, terminals, depots etc. operated without disruptions and the incident posed no threat to parties engaging in business with the company.
Q: Did MSC have sufficient security protocols and systems in place? What is MSC doing to prevent this from happening again?
A: MSC is very conscious of the perennial threat of cyber-security in the shipping industry and we adopt all necessary security protocols in all our communications and business transactions. In addition to these specific protocols, we have other confidential measures and processes in place, such as regular cyber-security training for employees on shore and at sea. Furthermore, we are in the process of continuous evolution of our internal IT systems both from software and infrastructure perspective. MSC is a founding member of the Digital Container Shipping Association, a neutral, non-profit industry group which is working on supporting companies in the sector in cyber risk management, among its various workstreams.
Q. What was the impact on your business?
A: The incident was confined to our headquarters in Geneva only, so for most parts of our business it had only a limited impact. We worked hard around the clock to fix this incident and to provide alternative solutions for any customers who temporarily could not place a booking through myMSC. We also provided regular updates on the incident via our social media channels and directly to our customers, including on how they could continue to make bookings with us. We were able to keep cargo flowing around the world despite this incident, thanks to the dedication and hard work of our agents around the world.