Cyber Incident Victim: Channel Ship Services

Date: Nov 2018

Location: Jersey

Summary

A maritime staffing firm specializing in offshore personnel services was compromised by the cybercriminal group TheDarkOverlord, resulting in the theft of sensitive employee and client data. The breach exposed seafarer contracts containing names, passport numbers, and wage details, alongside corporate client contact information including names, positions, email addresses, and phone numbers—information exploitable for phishing or business email compromise attacks. The attackers claimed possession of maritime security-related materials, though specifics remain unverified. The company did not publicly respond to the breach or acknowledge communications from the threat actors or media inquiries. The incident highlighted potential vulnerabilities in professional employer organizations serving high-security industries.

Description

On or around November 18, 2018, Jersey-based Channel Ship Services (CSS), a provider of specialist personnel to the global offshore industry, experienced a data breach perpetrated by the hacking group TheDarkOverlord (TDO). The attackers exfiltrated sensitive personnel and client data, including seafarer agreements containing contractors’ names, passport numbers, wage rates, and contractual terms. TDO also acquired a client information spreadsheet listing company names, contact persons’ names, email addresses, positions, and telephone numbers. The group publicly disclosed the breach via a since-suspended Twitter account, directly addressing CSS executives Christopher Inns and Kevin Gollop. TDO implied a financial demand had been made to CSS prior to the breach disclosure, though no specific ransom amount or communication logs were shared with media outlets. The compromised data posed risks of fraud, social engineering, business email compromise, and phishing due to the detailed personal and professional information exposed. CSS did not respond to TDO’s demands or subsequent media inquiries from DataBreaches.net, which attempted contact via email and Twitter.

The breach raised concerns about maritime security due to CSS’s advertised services in maritime security, seismic operations, subsea/ROV, and other offshore sectors. TDO claimed to possess information that could jeopardize maritime security but provided no evidence beyond the sample personnel and client files shared with DataBreaches.net. The attackers indicated a broader targeting strategy focused on Professional Employer Organizations (PEOs), citing similarities to their earlier breach of Prime Staff Inc. CSS did not acknowledge the incident publicly, and DataBreaches.net received no replies from CSS, Jersey’s Office of the Information Commissioner, or a U.S.-based contractor affected by the breach. The lack of confirmation left unanswered questions about GDPR compliance, breach notifications to data subjects, and the full scope of compromised systems or operational data. TDO’s history of aggressive tactics, including threats of physical harm in prior incidents, underscored the seriousness of the intrusion despite the absence of verified maritime security compromises.
