Clarksons PLC, a leading global shipbroking company, suffered a targeted cyber attack between May 31, 2017, and November 4, 2017, where an unauthorized third party infiltrated its systems via a single compromised user account in the UK. The attacker exfiltrated highly sensitive personal and financial data including dates of birth, contact details, medical records, tax/insurance information, social security numbers, resumes, driver’s licenses, bank/payment card details, passports, ethnicity, digital signatures, financial records, and criminal backgrounds before demanding a ransom for its return. Clarksons refused to negotiate, risking public exposure of the stolen data. The breach triggered an immediate 5% drop in stock value, signaling severe reputational and financial damage. Forensic investigations confirmed the attack’s scope, with the company engaging cybersecurity specialists to mitigate fallout. The incident underscored vulnerabilities in Clarksons’ data protection measures, exposing both employees and clients to identity theft, fraud, and long-term privacy risks.
Source: https://www.theregister.com/2018/08/01/clarksons_breach_update/
TPRM report: https://www.rankiteo.com/company/clarksons
"id": "cla450092125",
"linkid": "clarksons",
"type": "Ransomware",
"date": "5/2017",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'shipping/shipbroking',
'location': 'United Kingdom',
'name': 'Clarkson PLC (Clarksons Shipbroker)',
'type': 'public company'}],
'attack_vector': 'compromised user account (single, isolated)',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'extremely high',
'type_of_data_compromised': ['PII (Personally Identifiable '
'Information)',
'financial data',
'sensitive personal records',
'employment/background data']},
'date_detected': '2017-11-04',
'description': 'Clarksons Shipbroker experienced a hacking attack in the UK '
'where an unauthorized third party gained access to its '
'systems from May 31, 2017, to November 4, 2017. The attacker '
'accessed a single, isolated user account, copied sensitive '
'data, and demanded a ransom for its return. The compromised '
'data included highly sensitive personal and financial '
'information. Clarksons refused to pay the ransom, leading to '
'warnings that the data might be publicly disclosed. The '
'incident caused a 5% drop in stock value.',
'impact': {'brand_reputation_impact': 'high (data exposure risk, stock drop)',
'data_compromised': ['date of birth',
'contact information',
'medical information',
'tax information',
'insurance information',
'social security number',
'resume',
'driver license information',
'bank account data',
'passport information',
'payment card information',
'ethnicity',
'digital signature',
'financial information',
'criminal background information'],
'identity_theft_risk': 'high',
'payment_information_risk': 'high',
'systems_affected': ['Clarkson PLC information systems (UK)']},
'initial_access_broker': {'entry_point': 'single, isolated user account (UK)',
'high_value_targets': ['PII, financial data, '
'sensitive personal records'],
'reconnaissance_period': 'May 31, 2017 – November '
'4, 2017 (~5 months)'},
'investigation_status': 'ongoing (as of disclosure)',
'motivation': 'financial gain (ransom demand)',
'ransomware': {'data_exfiltration': True, 'ransom_demanded': True},
'response': {'communication_strategy': 'public warning about potential data '
'disclosure',
'incident_response_plan_activated': True,
'third_party_assistance': ['data security specialists']},
'stakeholder_advisories': 'warning issued about potential public data '
'exposure',
'threat_actor': 'unauthorized third party (blackmailer)',
'title': 'Clarksons Shipbroker Data Breach and Ransom Demand (2017)',
'type': ['data breach', 'ransomware', 'unauthorized access']}