Cyber Incident Victim: Swire Pacific Offshore
Date: Nov 2021
Location: Singapore
Summary
Swire Pacific Offshore suffered a ransomware attack by the Clop group, leading to unauthorized access and data theft. The breach compromised confidential proprietary commercial information and personal data, including employee passports, payroll details, bank account information, and internal correspondence. While the company confirmed no material operational impact, approximately 2,500 seafaring and onshore personnel across 18 countries were potentially affected. SPO engaged external experts for investigation, notified relevant authorities, and planned to contact impacted individuals. The attackers publicly leaked screenshots of stolen data to substantiate their claims, highlighting the exposure of sensitive employee records despite the firm's initial downplaying of confidential information loss.
Description
On or around November 25, 2021, Swire Pacific Offshore (SPO) detected unauthorized access to its IT systems, later identified as a Clop ransomware attack. The Singapore-based marine services provider confirmed the incident compromised confidential proprietary commercial information and personal employee data, though it stated global operations were not materially disrupted. SPO engaged external cybersecurity experts to investigate the breach’s scope and reported the incident to relevant authorities. The Clop ransomware group claimed responsibility, publishing screenshots of stolen data that included employee passports, payroll records, ID numbers, bank account details, email addresses, and internal correspondence. Forensic analysis by media outlets validated the authenticity of these leaks, confirming the theft of sensitive personnel information.

The attackers exfiltrated data affecting approximately 2,500 seafaring and onshore personnel across SPO’s operations in 18 countries. SPO committed to directly notifying all potentially impacted individuals, though it did not publicly disclose exact figures. The incident occurred amid heightened vulnerabilities in the global shipping industry, which faced post-pandemic supply chain disruptions, tripled shipment costs since 2019, and escalating delivery delays. While SPO emphasized no critical operational systems were disrupted, the breach highlighted ransomware actors’ strategic targeting of maritime logistics during sector-wide instability. The company maintained its investigation with external partners to determine full attack vectors and data exposure timelines but did not disclose whether a ransom was demanded or paid.
