In October 2023, Corsica Ferries, a prominent ferry operator, suffered a targeted cyberattack executed by the ALPHV ransomware group. The attackers successfully exfiltrated 101 GB of sensitive data, including banking details, personal information of customers/employees, and proprietary internal documents such as ship blueprints. After the company refused to comply with ransom demands, the stolen data was leaked on the dark web. The incident caused a temporary disruption of server operations, though services were restored shortly afterward. The breach exposed critical financial and personal data, posing risks of fraud, identity theft, and operational vulnerabilities. The involvement of ransomware and the scale of data theft covering both customer and internal company information highlight the attack’s severe implications for privacy, financial security, and corporate integrity.
Source: https://gettotext.com/corsica-ferries-hacked-100-gb-of-banking-and-personal-data-were-stolen/
TPRM report: https://www.rankiteo.com/company/corsica-ferries
"id": "cor317092125",
"linkid": "corsica-ferries",
"type": "Ransomware",
"date": "10/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Transportation (Ferry Services)',
'location': 'France/Italy (Mediterranean region)',
'name': 'Corsica Ferries',
'type': 'Company'}],
'data_breach': {'data_exfiltration': '101 GB of data leaked on dark web',
'personally_identifiable_information': 'yes',
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['banking information',
'personal data',
'internal documents (ship '
'drawings)']},
'date_detected': '2023-10-01',
'description': 'In October 2023, Corsica Ferries, a ferry company, fell '
'victim to a cyberattack by the ALPHV group, resulting in the '
'theft of 101 GB of confidential data. The hackers, known for '
'ransomware attacks, made the stolen information available on '
'the dark web after the company refused to cooperate with '
'their demands. The stolen data reportedly includes banking '
'information, personal data, and internal documents such as '
'ship drawings. Despite the attack, Corsica Ferries resumed '
'operations after a brief interruption of its servers.',
'impact': {'data_compromised': ['banking information',
'personal data',
'internal documents (e.g., ship drawings)'],
'downtime': 'brief interruption',
'identity_theft_risk': 'high (personal data exposed)',
'operational_impact': 'temporary disruption, operations resumed',
'payment_information_risk': 'high (banking information exposed)',
'systems_affected': ['servers']},
'initial_access_broker': {'data_sold_on_dark_web': 'yes',
'high_value_targets': ['banking information',
'internal documents']},
'motivation': 'Financial (ransom demands)',
'ransomware': {'data_exfiltration': '101 GB',
'ransom_paid': 'no (company refused to cooperate)',
'ransomware_strain': 'ALPHV (BlackCat)'},
'response': {'recovery_measures': 'resumed operations after server '
'interruption'},
'threat_actor': 'ALPHV (BlackCat) ransomware group',
'title': 'Corsica Ferries Cyberattack by ALPHV Group',
'type': 'Cyberattack (Ransomware, Data Theft)'}