So much for SRP/GP restrictions. http://www.securityweek.com/hackers-target-uk-shipping-giant-clarkson
Did you find information somewhere if they employed such restrictions? Also, did they follow principle of least privilege?
No. I assumed from the "compromise user account" statement, they elevated privileges from that access.
Shipping Firm Avoids Customer Data Dump in Last Year's Hack & Ransom Incident July 31, 2018 https://www.bleepingcomputer.com/ne...-dump-in-last-years-hack-and-ransom-incident/