Marine Services Provider Swire Pacific Offshore Discloses Data Breach
Singapore-based marine services provider Swire Pacific Offshore (SPO) disclosed a cybersecurity incident that resulted in the loss of commercial and personal data.
In an announcement published over the U.S. Thanksgiving holiday weekend, the company revealed that a third-party was able to access some of its systems without authorization.
“The unauthorized access has resulted in the loss of some confidential proprietary commercial information and has resulted in the loss of some personal data. The cyberattack has not materially affected SPO’s global operations,” the company said in a statement.
SPO also announced that it has reported the incident to the authorities and that it started the process of notifying the affected parties.
The company also said it took steps to improve its security, to better protect customers and staff, and to mitigate the impact of the incident, but provided no further details on the type of cyberattack that it suffered.
However, SPO’s announcement suggests that the threat actor attempted to extort the company, which indicates that ransomware might have been used in the attack.
“[SPO] takes a serious view of any cyberattack or illegal accessing of data or any unlawful action that potentially compromises the privacy or confidentiality of data, and will not be threatened by such actions,” the company added.
The cybercriminals behind the Clop ransomware operation have already claimed responsibility for the attack, and also published on their Tor leaks website a large amount of data allegedly stolen from SPO.
Over 56 archives publishedappear to contain personal data of SPO employees, including ID cards and passport scans, email addresses, bank account numbers, and phone numbers, along with internal login details.
Operating in 18 countries, the company has a fleet of over 50 offshore support vessels and roughly 2,500 employees, but it’s unclear how many of them might have been affected by the incident.
Just as SPO disclosed, the hackers also appear to have stolen files containing various commercial information, including receipts and other documents.