Offshore operator Swire Pacific Offshore filed a notice on November 25 reporting that its systems have been subjected to a cyber security incident.
Swire Pacific Offshore (SPO) has discovered that it was the target of a cyberattack which involved unauthorised access to its IT systems.
The unauthorised access has resulted in the loss of some confidential proprietary commercial information and has resulted in the loss of some personal data. The cyberattack has not materially affected SPO’s global operations.
Swire Pacific Offshore said in its statement, “It takes a serious view of any cyberattack or illegal accessing of data or any unlawful action that potentially compromises the privacy or confidentiality of data and will not be threatened by such actions.” The company said it had discovered the attack that resulted in the loss of “some confidential proprietary commercial information and has resulted in the loss of some personal data.”
The Attackers and Breached Data
Independent analysts are reporting that the company was subjected to a ransomware attack by a group of hackers going by the name CLOP.
Based on dark web posting by the group it is believed that they were successful in taking data from Swire Pacific Offshore’s personnel files ranging from passports, payroll, banking information, and email addresses.
It is unclear which employee files were breached.
Swire Pacific Offshore through its management company reports maintaining a “register of over 2,000 officers and ratings from around the world.” The company operates more than 50 vessels through Swire Pacific Offshore Operations.
Actions Taken by the Company
SPO has taken immediate actions to reinforce existing security measures and to mitigate the potential impact of the incident. SPO has reported the incident to the relevant authorities and will work closely with them in relation to the incident. SPO is contacting potentially affected parties to inform them about the incident.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.