FedEx subsidiary TNT Express continues to deal with the pain and problems caused by the Petya technology virus, FedEx stated in a 10-K filing with the United States Securities and Exchange Commission yesterday.
FedEx acquired TNT for $4.8 billion in May 2016. TNT at that time was the fourth largest global parcel operator.
“While we have significant security processes and initiatives in place, we may be unable to detect or prevent a material breach or disruption in the future,” FedEx said.
In late June, when the virus hit the TNT Express operations and communications systems, FedEx said that while those systems were disrupted, no data breach was known to have occurred, adding that the operations of all other FedEx companies were unaffected and services were being provided under normal terms and conditions.
FedEx added in June that remediation steps and contingency plans were being implemented as quickly as possible, with TNT Express domestic country and regional services largely operational while slowed. The company also said that it was experiencing delays in TNT Express intercontinental services and is offering various FedEx Express services as alternatives. While FedEx said it could not measure the financial impact of this disruption it did say it could be material.
That situation, to a large degree remains the case a little more than two weeks later based on information in the FedEx 10-K in which FedEx said that the Petya virus encrypted the TNT Express data.
“While TNT Express operations have been restored and most TNT services are currently available, as of the date of this filing, we cannot estimate when TNT Express services will be fully restored,” the 10-K stated. “In addition, we cannot estimate how long it will take to restore the systems that were impacted and it is reasonably possible that TNT Express will be unable to fully restore all of the affected systems and recover all of the critical business data that was encrypted.
Given the recent timing and magnitude of the attack, in addition to our initial focus on restoring TNT Express operations and customer service functions, we are still evaluating the financial impact of the attack, but it is likely that it will be material.
FedEx outlined various consequences or potential consequences the cyber-attack could have on its results of operations and financial condition, including:
A research note from Wolfe Research said that the firm believed TNT had significantly under-invested on IT in recent years, leaving the company more susceptible to prolonged impacts.
Jerry Hempstead, president of parcel consultancy Hempstead Consulting, said that this current situation is a very big problem for FedEx/TNT.
“Shippers are just not equipped to tender in paper,” he said. “Now, sadly for FedEx, the most affected shippers can tender to UPS and DHL electronically outside the United States electronically. They just have to scramble to negotiate a discount agreement close to the deal they may have had with TNT.”