Cyber attack had limited global impact on APMT

Cyber attack had limited global impact on APMT

APM Terminals' fully automated Maasvlakte II in Rotterdam was one of its facilities worst affected by the June 27 cyber attack.

The Maersk Group cyber security breach on APM Terminals that caused vessels to be delayed and upset schedules was relatively short lived from a global perspective, although vessel handling at some terminals was affected more than others, according to analysis by SeaIntel.

In its assessment of port and vessel data at Maersk’s terminal division after the June 27 cyber attack, SeaIntel found that from a vessel-handling perspective, the effect on the terminals was not far outside "normal operational fluctuations", and APMT had largely continued operations as normal.

There were exceptions, however, such as at APMT’s fully automated Maasvlakte II terminal in Rotterdam where operations were severely impacted. For instance, there were no new arrivals at APMT Massvlakte II from June 29 until it started operating again on July 6.

SeaIntel said to APMT’s good fortune, the terminal most affected by the incident was in a port where they had an alternative terminal.

However, it was in the area of vessel reliability where the cyber breach impact was really felt. The analyst said in the days immediately after the incident, there was a significant decrease in schedule reliability of the vessels that called APMT berths.

The average reliability of these vessels in the weeks before the incident was 74 percent. Following the incident, reliability remained at 73 percent on June 29, but then dropped precipitously to 58.8 percent on June 30, and remained around 55 percent for the following two days.

“This suggest that delays started happening as vessels got backlogged, and possibly also as a consequence of the Maersk vessels slowing down as Maersk Line vessels had a high ratio of the calls in APMT terminals,” the analyst reported.

“Since then, there has been a rebound in the average reliability of the vessels, to the same level of fluctuations that was observed before the incident.”

However, SeaIntel pointed out that it was only able to analyze the patterns of vessels calling at APMT facilities, but could not from the data determine if the containers on board those vessels were handled as intended, as such information was only available to APMT and the carriers that have contracted with them.

“It is very likely that not all containers have been handled correctly, and that shippers have faced difficulties in getting their containers released, but this is purely speculation, as the data detail does not support this,” the analyst said.

Shippers reported difficulties in accessing their containers in the days after the cyber attack, which was hardly surprising as Maersk was forced to shut down its IT and communications system and revert back to a manual operation. This affected cargo bookings and EDI messages used to communicate with customers.

In a concession to shippers, Maersk Line said it would waive demurrage and detention charges for cargo that it was unable to release after the cyber attack.

“We recognize the disturbance caused to your business, and will therefore waive demurrage and detention during the period when the system outage impacted our ability to release your cargo,” the carrier said in a customer update this week. “In most places this period covers June 27 to July 9, but there may be local variations based on when the containers were made available for import release.”

The NotPetya virus spread through computers worldwide on June 27. It was initially believed to be ransomware, but is now thought to have been designed to wipe computers outright, and it temporarily shuttered Maersk’s shipping and terminal arms.

Maersk Line’s Asia Pacific CEO Robbert van Trooijen explained to reporters recently the impact the virus had on the group, forcing it to shut down its entire IT and communications system, which eliminated communications internally and with customers of Maersk Line, Damco, and APMT.

“It is an enormous task going from completely manual operations a few days ago to being fully automated once again. We shut our business down completely to ensure the initial virus did not spread,” he said.

Contact Greg Knowler at and follow him on Twitter: @greg_knowler.