In an unprecedented move, Transnet Port Terminals (TPT) declared force majeure on Monday following the ongoing fallout from a cyberattack last week which hit the entire Transnet group, South Africa’s state-run ports operator and freight rail monopoly.

While the group has tried to play down the hacking — initially describing it as a “disruption on its IT network” — TPT’s confidential force majeure letter to customers on Monday confirmed that it is “an act of cyberattack, security intrusion and sabotage”. The veracity of the letter has been confirmed by several Transnet and logistics industry sources.

The letter is titled “Declaration of force majeure for Transnet Port Terminals container terminals in the Ports of Durban, Ngqura, Port Elizabeth and Cape Town – confidential notice to customers”. It was sent out by TPT CEO Velile Dube. This confirms a major blow for Transnet, with TPT being one of its biggest and most important divisions.

TPT operates the container handing facilities at Durban – sub-Saharan Africa’s busiest container port – as well as container terminals in Cape Town and the Eastern Cape ports of Ngqura and Port Elizabeth.

On Monday, the websites of Transnet and its divisions were still offline – for the sixth day. The group had resorted to a manual system in an effort to continue to operate key divisions, such as TPT. However, with further tru0cking delays, especially at the Port of Durban (which handles over 60% of South Africa’s container traffic), TPT seems to have had no option but to institute force majeure on Monday.

‘An act of cyberattack’

“This serves as notice of declaration of force majeure event, which occurred on 22 July 2021 and continues to persist, when Transnet, including TPT, experienced an act of cyberattack, security intrusion and sabotage,” the letter states.

It adds that this has “resulted in the disruption of TPT normal processes and functions or the destruction or damage of equipment or information”.

“Investigators are currently determining the exact source of the cause of compromise and extent of the ICT data security breach/sabotage. Transnet is implementing all available and reasonable mitigation measures to limit the impact of this compromise,” the letter further states.

“Accordingly, TPT hereby invokes the provisions of clause 11.1 read together with clause 11.2.11, of the TPT conditions of trade and as TPT is prevented from, or delayed in performing any of its obligations under such conditions of trade or such commercial agreements in respect of the container sector, hereby gives notice of an FM (force majeure) event declaration with immediate effect,” Dube explains in the notice.

“TPT’s relief from liability stipulated herein will remain in full force and effect despite the implementation of the mitigation measures detailed herein,” he adds. “In keeping with the provisions of clause 11 of the TPT conditions of trade, TPT has put certain mitigation measures in place to ensure operations at the container terminals are still running albeit slower than expected.

“One such measure is to ensure that a manual system has been put into place for the loading and discharge of containers. Further, in the event that any damage occurs during operations, customers will be notified using a manual process which will be confirmed via e-mail as soon as TPT systems are up and running again,” it notes.

Dube gave further details of how TPT would be treating berthing as well as imports and exports at the affected container terminals while the IT system remains offline.