TM mum on whether cyber-attack affected ship, air registries

Tista' taqra bil- Malti.

Transport Malta has remained silent on whether a cyber-attack on its system has affected the Ship and Air registry, when replying to questions sent by Newsbook.com.mt on Wednesday, as it cited that no more details could be divulged due to an ongoing magisterial inquiry.

Newsbook.com.mt has asked the authority the following questions:

  • When was the cyber-attack initially detected?
  • When did the cyber-attack actually happen?
  • Do you confirm that data has been lost from the Port Directorate, the ships registry and the air registration data?
  • Which other registries have been affected by the cyber-attack?
  • Was data stolen?
  • Do you confirm that there is no back up of the data affected?
  • How is the cyber-attack still impacting the operations of Transport Malta?

The same questions were sent to the Transport Ministry which directed this newsroom to the authority itself.

In a statement the authority said that its servers and intellectual property systems have been the subject of a cyber-attack during the night between 25 and 26 September.

TM releases a statement on the cyber-attack
Police investigating cyber attack on Transport Malta

“The Authority has immediately alerted its technical experts to take all the necessary measures to limit the effects of the said cyber-attack on its systems and has also immediately notified the Executive Police to assist in the matter,” the spokesperson said, adding that a magisterial inquiry is underway and that several court experts have been appointed to identify all the facts of the case and preserve all necessary evidence.

Transport Malta engaged third party experts to provide services on the matter while a data breach notification was submitted to the Office of the Information and Data Protection Commissioner. The spokesperson added that this was done in line with the statutory duties which are stipulated under the applicable Data Protection Legislation and Regulations.

The spokesperson also referred this newsroom to four press statements issued by the authority on separate dates: 27 September, 1 October, 2 October and 6 October. It remarked that the authority’s computerised systems pertaining to vehicles and driving licences were restored and the respective offices were opened to the public on the 6 October.

Opposition MP questions the extent of the cyber-attack

Opposition MP Jason Azzopardi has questioned the extent of the cyber-attacks in questions posed to Transport Minister Ian Borg.

Writing on Facebook he asked whether the IT system had been severely hacked and whether Malta’s ship and air registration data had been stolen. He also asked whether there was no back up data of the information stolen.

In a separate post on Thursday, Azzopardi said that following the questions to Minister Borg he has received ‘concrete information’. According to the information he had received it appears that all the Ports Directorate data has been lost while all Transport Malta systems have been shut down. Azzopardi added that new systems could not be installed as it was feared that the new data will be corrupted. He added that several employees could not work.

The Opposition MP claimed that there is a high probability that Transport Malta will be forced to start from scratch adding that the hack could have gone unnoticed since it could have possibly been carried out in November 2019.

Addressing Minister Borg, Azzopardi asked why the ministry remained silent on the issue.

Wara li lbierah filghaxija ktibt post insaqsi lil Ministru Ian Borg diversi domandi dwar jekk u kif is-sistemi tal-IT ta…

Posted by Jason Azzopardi on Wednesday, October 14, 2020

Sources speaking to this newsroom explained that the hack has affected practically everything and that now registrations had to be done manually.

TM notifies its employees

Transport Malta has issued a notification to its employees containing similar details to those sent as a reply to this newsroom.

In its email to employees, Transport Malta said that the notification was being issued now after it had obtained a clearer picture of the extent and possible effects and consequences of the cyber-attack. It urged its employees to take measures to protect personal data or information which has been processed by the authority.

Among the protective measures being advised, Transport Malta urged its employees to monitor their personal accounts for suspicious activity, to change their passwords frequently as they avoid to use easily guessed passwords or the same password for multiple accounts, to review their card accounts, statements and recent payments for any unauthorized activity and to immediately report such activity to their financial institution, employees were directed to the police in case of identify theft or misuse of personal data, and that they could contact Transport Malta’s Data Protection Officer.

Opposition MP Toni Bezzina reacted to the news of the internal notification saying that the employees have been informed 20 days late. He lambasted Transport Malta saying that this was worrying and careless behaviour.

He questioned the delay and asked whether any data was stolen and if employees can return to work with their mind at rest that their data is safe.

❗Għadni kif ġejt infurmat li l-impjegati ta' Transport Malta irċevew ċirkolari fejn ġew infurmati li s-servers ta' TM…

Posted by Perit Toni Bezzina on Thursday, October 15, 2020