Cyber Incident Victim: Sembcorp Marine Ltd
Date:
Jul 2022
Location:
Singapore
Summary
A cybersecurity incident at Sembcorp Marine involved unauthorized access to part of its IT network through third-party software, compromising personally identifiable information of current, former, and prospective employees alongside non-critical operational data. The company engaged cybersecurity experts to investigate breaches, assess impacts, and strengthen infrastructure, confirming that risks were effectively mitigated without disrupting business operations. Affected stakeholders were notified and offered support, while relevant authorities were informed and collaborated on the matter. Scans detected no exfiltrated data, and the incident was assessed to have no material financial impact on annual results. Information security and stakeholder privacy remained prioritized throughout the response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Sembcorp Marine Ltd discovered a cybersecurity incident in late July 2022 involving unauthorized access to part of its IT network. The breach occurred through vulnerabilities in third-party software products integrated with the company's systems. Upon detection, the company immediately initiated containment protocols to manage and mitigate potential risks. Cybersecurity experts were engaged to conduct forensic analysis, identify all system breaches, determine root causes, and assess the scope of impact. Concurrently, the company reviewed and strengthened security measures across its core IT infrastructure to prevent further exploitation. Investigations confirmed the incident did not disrupt business operations at any stage. Authorities including relevant regulatory bodies were promptly notified, with ongoing coordination throughout the response process.
The compromise affected personally identifiable information belonging to incoming, current, and former employees, alongside non-critical operational data unrelated to essential business functions. Forensic scans conducted by cybersecurity specialists found no evidence that exfiltrated data had been disseminated or misused. Sembcorp Marine directly notified affected individuals about the exposure of their information and committed to providing support for potential consequences. The company emphasized information security and stakeholder privacy as priorities throughout its communications. Financial assessments concluded the incident would not materially impact consolidated net tangible assets or earnings per share for the 2022 fiscal year, with no operational downtime reported during or after the breach.