Overseas Express Shipping Company

Overseas Express Shipping Company, also known as OESC, is a shipping enterprise headquartered in Croatia. The organization's specific core products, service portfolio, operational scale, market reach, and ownership structure are not detailed in the available information. Its public profile is primarily defined by a significant cybersecurity incident rather than disclosed commercial attributes or sector positioning.

On September 14, 2020, the company was the target of a ransomware attack conducted by the LockBit criminal group. This incident involved the exfiltration and subsequent public leakage of a database containing approximately 5.8 million records of sensitive personal information, including names, addresses, and email addresses. LockBit employed standard ransomware tactics for the period, using dark web forums and a dedicated blog to publicly shame the victim and apply pressure for a ransom payment. The attack underscored LockBit's operational model at the time, which centered on data theft for leverage and the recruitment of affiliates to carry out intrusions. However, the event also highlighted operational inconsistencies within the LockBit ecosystem, as technical failures in their encryption and decryption processes reportedly enabled some affected organizations, potentially including OESC, to restore operations without succumbing to the ransom demand. This incident serves as a documented case of the broader ransomware threat landscape impacting a Croatian-based shipping entity, illustrating the dual risks of data encryption and data theft for extortion. The public disclosure of millions of customer records represents a severe data breach with lasting implications for individual privacy and the company's reputational standing. The affair provides a clear example of how ransomware groups leverage stolen data as a primary weapon, even when their technical execution is flawed.