Swire Pacific Offshore

Swire Pacific Offshore, also known by the alias SPO, is a marine services provider headquartered in the United States of America. The company operates within the offshore sector, delivering marine support services to clients engaged in maritime activities. Its service offering is reflected in industry descriptions that identify it as a provider of marine solutions. The organisation uses both its full name and the SPO abbreviation in public communications.

Information about the organisation's scale indicates that it employs roughly 2,500 individuals who are split between seafaring and onshore roles. These personnel are distributed across approximately 18 different countries, illustrating an international footprint. The geographic spread of its workforce suggests that the company serves a broad range of offshore projects worldwide. Such a distribution also means that any incident affecting staff can have wide‑reaching implications.

On 25 November 2021, Swire Pacific Offshore experienced a ransomware attack carried out by the Clop ransomware group. The breach resulted in unauthorized access to the company's networks and the exfiltration of confidential proprietary commercial information as well as personal data. The stolen personal data included employee passports, payroll details, bank account information, and internal correspondence. According to the company's statements, the attack did not cause any material disruption to its operational activities.

In response to the incident, Swire Pacific Offshore engaged external cybersecurity experts to conduct a thorough investigation and notified the relevant regulatory authorities. The organisation also indicated that it would contact the individuals whose data had been compromised to provide them with appropriate guidance. Despite the company's initial downplaying of the loss of confidential information, the attackers publicly released screenshots of the stolen data to validate their claims. This public leak underscored the extent of the exposure of sensitive employee records despite the firm's assessment of operational impact.