Peter A Clarke

Kids Empire has suffered a data breach involving the public exposure of 2,363,222 documents in.PDF and.PNG formats with a total size of 92.3 GB. These included reservations, injury waivers, receipts with partial credit card numbers and transaction details, digital gift cards with no expiration date, source images for websites and templates. The database remained publicly accessible for at least three weeks before it was finally restricted. The data exposure is a privacy breach because it revealed personally identifiable information including names, physical and email addresses, phone numbers, and details about the reservations.

In March Australian companies have had two significant data breaches; GaP Solutions has been hit by a LockBit ransomware attack and the Black Basta gang has posted Australian passports and driver’s licences on dark web which it says it obtained from australiantextiles.com.au, ausweave.com.au, bartgroup.com.au, bruck.com.au, opt.net.au, wilsonfabrics.com, knoxbridge.com.au, novaemployment.com.au, primrose.co.uk, xenit.com.au, advancedcs.com.au, therose.pub, localbar.com.au.

The article about GaP Solutions attack provides:

Australian retail software vendor GaP Solutions has fallen victim to the LockBit ransomware gang.

LockBit posted on its darknet leak site on 29 February, threatening to publish whatever data it had exfiltrated within 20 days. The group declined to say how much data it had or share evidence of the hack.

Nor did it reveal the amount of its ransom demand.

GaP Solutions is taking the incident seriously and has begun an investigation.

“We are aware of online claims that there has been unauthorised access by an unknown third party to some of our internal data systems,” a GaP spokesperson told Cyber Daily.

“As soon as we became aware of these claims, we engaged external cyber security experts to assist us with our investigation and to determine whether GaP Solutions internal data has been impacted.”

So far, GaP has found “no evidence” that any customer data or infrastructure was compromised.

“We want to reassure our valued clients that this incident relates to our internal systems and has not affected our customer cloud services in any way,” GaP said. “Their data and services remain secure and unaffected by this issue.”

“We take cyber security and the protection of our data seriously, and we will keep our stakeholders updated as our investigation progresses.”

International law enforcement authorities executed a takeover of the gang’s dark net infrastructure and several arrests in February 2024. The gang, however, appeared back in operation within days, though some questions remain as to just how well LockBit has recovered.

Sadly, it would seem well enough.

The article about the Black Basta attack provides:

A ransomware gang has posted dozens of Australian passports and driver’s licenses to the dark web after apparently compromising a cloud-based hosting service.

The Black Basta gang has not disclosed who the hosting service is; however, referring to the victim only as “hvd.host”.

What the gang has shared, however, is a list of mostly Australian businesses whose data the gang is threatening to publish if a ransom isn’t paid by 9 March. Thirteen companies are listed by the gang.

Black Basta listed the companies by their websites as follows:

australiantextiles.com.au
ausweave.com.au
bartgroup.com.au
bruck.com.au
opt.net.au
wilsonfabrics.com
knoxbridge.com.au
novaemployment.com.au
primrose.co.uk
xenit.com.au
advancedcs.com.au
therose.pub
localbar.com.au

Several of the listed websites are not currently active.

Black Basta has also shared passport scans, scanned driver’s licenses, and a scanned Medicare card. Some documents are expired, but a large number are still valid. At least some of the scanned documents belong to past and present employees of one of the companies listed by Black Basta – Optimum Health Solutions.

The gang also shared a screenshot of a file directory with folders labelled ACS, ATM, AW, LB, OHS, ONC, and WF. Several subfolders appear to belong to The Local Bar.

Black Basta claims to have about 700 gigabytes of data in total, including account details, financial data, “personal employee documents”, legal documents, and more.

Where possible, Cyber Daily has sought comment from all the listed victims, including Optimum Health Solutions.

Black Basta has been in action since at least April 2022 and operates under a ransomware-as-a-service model, hiring its technical nouse out to other hackers to employ. It is a highly active outfit, with its affiliates racking up more than 40 victims in 2024 alone.