Svitzer Marine Solutions, a global towage and marine services provider, fell victim to an email auto-forwarding cyber attack in Australia between May 27, 2017, and March 1, 2018. The breach involved three compromised accounts—finance, payroll, and operations—where up to 60,000 emails were secretly diverted to two external accounts controlled by attackers. The stolen data included sensitive employee information, such as tax file numbers, next-of-kin details, and superannuation account records, affecting over 400 employees—nearly half of the company’s Australian workforce. The prolonged exfiltration went undetected for nearly 10 months, exposing critical internal communications and personal data. The incident highlighted vulnerabilities in email security protocols, leading to significant internal data leakage with potential financial, reputational, and compliance repercussions for the organization.
TPRM report: https://www.rankiteo.com/company/svitzer-australia
"id": "svi304092125",
"linkid": "svitzer-australia",
"type": "Breach",
"date": "5/2017",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'No (Employees Affected: 400+)',
'industry': 'Maritime / Shipping / Towage Services',
'location': 'Australia',
'name': 'Svitzer Marine Solution',
'type': 'Subsidiary (A.P. Moller-Maersk Group)'}],
'attack_vector': 'Email Compromise (Auto-Forwarding Rules)',
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Emails (Text, Attachments)'],
'number_of_records_exposed': 60000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data (Tax File '
'Numbers, Superannuation '
'Details)',
'Operational/Employee '
'Correspondence']},
'date_resolved': '2018-03-01',
'description': 'Svitzer Marine Solution experienced an email forwarding '
'attack in Australia, where up to 60,000 emails from three '
'accounts (finance, payroll, and operations) were secretly '
'auto-forwarded to two external accounts between May 27, 2017, '
'and March 1, 2018. The attack resulted in data theft, '
'affecting nearly half of the company’s Australian employees '
'(over 400). The compromised emails contained sensitive '
'employee information, including tax file numbers, next of kin '
'details, and superannuation account information.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage Due to '
'Employee Data Exposure',
'data_compromised': ['Tax file numbers',
'Next of kin details',
'Superannuation account information',
'Employee operational, financial, and payroll '
'data'],
'identity_theft_risk': 'High (PII and Financial Data Exposed)',
'operational_impact': 'Data Theft Affecting Employee Trust and '
'Internal Processes',
'systems_affected': ['Email Accounts (Finance, Payroll, '
'Operations)']},
'initial_access_broker': {'entry_point': 'Email Account Compromise (Likely '
'Phishing or Credential Theft)',
'high_value_targets': ['Finance, Payroll, '
'Operations Departments']},
'motivation': 'Data Theft / Espionage',
'title': 'Svitzer Marine Solution Email Forwarding Attack (2017-2018)',
'type': 'Data Breach (Email Forwarding Attack)'}