FedEx files 10-K with disclosure on TNT cyber attack to the Securities and Exchange Commission
July 18, 2017: New York stock exchange listed FedEx Corp commonly known as FedEx has filed its annual report on Form 10-K for the fiscal year 2017 with the Securities and Exchange Commission. The filing includes additional information regarding the June 2017 cyber-attack on the worldwide information systems of TNT Express BV. FedEx acquired TNT, the international express transportation, small-package ground delivery and freight transportation company acquired in May 2016.
According to the filing, “on June 28, 2017, FedEx announced that the worldwide operations of TNT were significantly affected by the cyber-attack known as Petya, which involved the spread of an information technology virus through a Ukrainian tax software product. The systems and data of all other FedEx companies are currently unaffected by the attack. TNT operates in Ukraine and uses the software that was compromised, which allowed the virus to infiltrate TNT systems and encrypt its data. While TNT operations and communications were significantly affected, no data breach or data loss to third parties is known to have occurred as of the date of this press release.”
The document continued that FedEx implemented contingency plans immediately following the attack to recover TNT operations and communications systems. As on date, all TNT depots, hubs and facilities are operational, and most TNT services are available. However, the filing admits that “Customers are still experiencing widespread service and invoicing delays. And manual processes are being used to facilitate a significant portion of TNT operations and customer service functions. We cannot estimate when TNT services will be fully restored. Contingency plans that make use of both FedEx Express and TNT networks remain in place to minimise the impacts to customers.”
The company further stated “Our information technology teams have been focused on the recovery of critical systems and continue to make progress in resuming full services and restoring critical systems. We are currently focused on restoring remaining operational systems, along with finance, back-office and secondary business systems. We cannot yet estimate how long it will take to restore the systems that were impacted, and it is reasonably possible that TNT will be unable to fully restore all of the affected systems and recover all of the critical business data that was encrypted by the virus.
Given the recent timing and magnitude of the attack, in addition to our initial focus on restoring TNT operations and customer service functions, we are still evaluating the financial impact of the attack, but it is likely that it will be material. We do not have cyber or other insurance in place that covers this attack. Although we cannot currently quantify the amounts, we have experienced loss of revenue due to decreased volumes at TNT and incremental costs associated with the implementation of contingency plans and the remediation of affected systems. In addition to financial consequences, the cyber-attack may materially impact our disclosure controls and procedures and internal control over financial reporting in future periods.”
However, the company has kept a positive outlook by reaffirming its commitment to improving the operating income at the FedEx Express Group by $1.2 billion to $1.5 billion in fiscal 2020 versus fiscal 2017, assuming moderate economic growth and current accounting and tax rules.