Ransomware Attack on Swire Pacific Offshore Breaches Personnel Data

Swire Pacific Offshore notified authorities of a cyber attack on its systems (Swire file photo)

Published Nov 26, 2021 12:05 PM by The Maritime Executive

Offshore operator Swire Pacific Offshore filed a notice on November 25 reporting that its systems have been subjected to a cyber security incident. While the Singapore-based company is reporting that the cyberattack has “not materially affected global operations,” data and security analysts believe the attack is the work of a notorious cyber gang and has resulted in a significant loss of data, including sensitive company and personnel information.

Swire Pacific Offshore said in its statement, “It takes a serious view of any cyberattack or illegal accessing of data or any unlawful action that potentially compromises the privacy or confidentiality of data and will not be threatened by such actions.” The company said it had discovered the attack that resulted in the loss of “some confidential proprietary commercial information and has resulted in the loss of some personal data.”

Independent analysts are reporting that the company was subjected to a ransomware attack by a group of hackers going by the name CLOP. Based on dark web postings by the group, it is believed that they were successful in taking data from Swire Pacific Offshore’s personnel files, including passports, payroll, banking information, and email addresses. It is unclear which employee files were breached. Swire Pacific Offshore, through its management company, reports maintaining a “register of over 2,000 officers and ratings from around the world.” The company operates more than 50 vessels through Swire Pacific Offshore Operations.

Singapore, where Swire Pacific Offshore is headquartered, has some of the strictest data security regulations and requirements for reporting breaches. The company says that it immediately reported the incident to the relevant authorities and is also working with data security experts to investigate and determine what future actions it may need to take.

Currently, the company’s website and likely other parts of its operations are offline. 

In June 2021, Ukrainian police arrested six alleged members of the CLOP gang believed to have been involved with money laundering related to the ransomware attacks. The group first emerged in 2019, and despite the Ukrainian efforts supported by the U.S. and South Korea, the group was reportedly back in operation days after the arrests.

In the past, A.P. Moller-Maersk, CMA CGM, COSCO, HMM, K Line, and even the U.S. Coast Guard and IMO have all reported some form of cyberattack. An attack on South African port operator Transnet Port Terminals last summer led to the company declaring a force majeure. At the beginning of this week, Bureau Veritas reported that it had taken its servers temporarily offline after detecting illegal access to its systems.

The IASME Consortium, which is a UK organization for cyber security and information assurance for smaller companies, estimates that over the past three years cyber attacks on shipping increased by 900 percent.