In addition, the Danish ocean carrier has implemented “different and further protective measures” in its cyber security in the wake of the June 27 Petya virus attack that all but crippled the company’s IT systems.
The U.S. Federal Maritime Commission (FMC) has granted Maersk Line a temporary exemption from service contract filings as a result of serious complications suffered by the container shipping company due to the Petya cyber attack.
The exemption was granted July 19 by the commission’s four current sitting members.
Maersk filed the request on June 30 after the company’s IT and communications infrastructure was seriously impacted and then shut down as a security measure as a result of the Petya cybersecurity attack on June 27.
In its request, Maersk asked the FMC for a 20-day respite from service contract filing rules because the Petya virus severely impaired the company’s information systems to the point that it hasn’t been able to determine which service contracts and/or service contract rates are scheduled to expire in late June or in early July.
The temporary reprieve means Maersk won’t require customers to pay higher tariff rates to shipments tendered during the 20-day period, but Maersk is allowed to apply service contract rates to such shipments that were agreed upon and filed after the date of cargo receipt without violating the Shipping Act.
“Because the requested exemption will not result in substantial reduction in competition or be detrimental to commerce, we grant Maersk’s petition,” the FMC commissioners wrote in their decision. “The commission believes that the process requested by Maersk will adequately protect affected shippers and their rights.”
Under the commission’s July 19 order, Maersk is required to file any service contract amendments with the FMC as soon as practical, but no more than 30 days after execution.
Earlier this month, Maersk said it will waive demurrage and detention fees accrued by customers during the period when a system outage caused by the Petya cyber attack impacted its ability to release cargo.
For most customers, the waiver period was from June 27 through July 9, with some local variations based on when those containers were made available for import release, Maersk said.
Meanwhile, Maersk Line has “put in place different and further protective measures” in its cyber security in light of the Petya attack, the Danish ocean carrier said in a statement Thursday.
It’s been nearly four weeks since the cyber attack all but crippled the company’s IT systems, as well as those of fellow A.P. Moller-Maersk subsidiary APM Terminals and several other shipping industry firms, but Maersk has been slowly restoring all operational aspects of its business and returning customer services levels back to normal.
“This virus attack was a previously unseen type of malware, and updates and patches applied to both the Windows systems and our antivirus were not an effective protection in this particular case,” the company said. As a result, Maersk’s “operations and communications have been significantly affected by this virus attack,” but there has been “no data breach or data loss to third-parties is known to have occurred as of this date.”
Maersk did not disclose the details of the new protective measures put in place due to confidentiality agreements, but the company said, “Once our service has returned to more normal conditions, we will conduct a full post-mortem. Thereafter, we will engage closely with customers and partners to share lessons from this incident and ensure you can benefit from our learnings.”
Other companies hit by Petya include FedEx subsidiary TNT Express, which the company says may have suffered “material” financial impacts from the attack. Investigations are still ongoing, however, for all companies involved in the attack.
