DP WORLD has confirmed employee data was stolen in a recent cyberattack that shut down operations at four Australian terminals.

DP World said some files were accessed by the “unauthorised third party” behind the attack and a “small amount of data” was taken from the terminal operator’s Australian network.

DP World said customer data was not affected, according to an investigation, but some of the stolen data includes the personal information of current and previous employees.

DP World said its investigation confirmed that the incident was confined to the Australian operations and did not impact any other markets where the company operates.

It also confirmed that no ransomware was found or deployed within the DP World’s Australian network.

“As an important part of Australia’s logistics and supply chain, we acknowledge the impact of this cybersecurity incident,” DP World Oceania executive vice-president Nicolaj Noes said.

“We would like to thank our customers, employees and our stakeholders for their patience and support during the incident and the investigation.”

DP World said it is in the process of notifying those impacted and has established a “cyber response team”.

DP World’s technology team detected the cyberattack on Friday 10 November. The company disconnected the network from the internet to attempt to contain the incident. The company said this impacted land-side port operations but also contained the incident.

DP World said its Australian team and its advisers have worked extensively from the time of first detection to restore operations and investigate the impact of the incident.

On Monday 13 November, DP World Australia was able to recommence port operations and since this time it has been working closely with all key stakeholders to ensure a rapid return to normal operations.

“DP World Australia’s incident response played a crucial role in its ability to effectively identify, protect, detect, respond to, and recover from the incident,” the company said.

“By 20 November, some seven days after port operations recommenced and 10 days after first detecting the incident, DP World Australia has cleared 100% of the backlog, comprising some 30,137 containers.”

DP World said it has been working with the Australian Cyber Security Coordinator, the Australian Cyber Security Centre, the Australian Federal Police, the Department of Home Affairs, Ministers Clare O’Neil MP and Catherine King MP, the Office of the Australian Information Commissioner and various state and territory agencies throughout the incident.