Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Exclusive: NZ-based Bennett Currie customer data published following ransomware attack

Customers of the New Zealand accounting firm have had their personal and financial data published on the dark web.

user icon David Hollingworth
Thu, 12 Sep 2024
Exclusive: NZ-based Bennett Currie customer data published following ransomware attack
expand image

New Zealand accounting firm Bennett Currie has suffered a data breach impacting nearly 1,000 of its customers.

The RansomHub ransomware gang listed the Palmerston North-based firm as a victim on its dark web leak site on 4 September, claiming at the time to have stolen 375 gigabytes of data.

No ransom demand was listed, and Bennett Currie was given around six days to act, or the data would be published.

============
============

The full data set has now been published, and it appears to be a list of nearly 1,000 of the firm’s customers. It does not seem to be the company’s entire list of customers, however, as the alphabetically sorted list cuts off in the G’s.

The customers include businesses and individuals, while the data dates back to 2008 and includes documents as recent as 2024.

Inside each customer’s folder, further documents are listed in folders by year, and each of these includes folders for emails and correspondence, financial reports, tax, and workpapers. In some cases, these folders are empty, but in others, there is a rich trove of personal data.

Personal details relating to one individual customer include their IRD number (the New Zealand equivalent of a Tax File Number), scanned documents with the customer’s signature, and scans of various ID documents, including a driver’s licence scan.

That same document also includes scans of the customer’s credit card, both front and back. The card is still valid.

Numerous other individuals have had similar data listed alongside tenancy agreements, tax statements, bank account details, passport scans, and, in some cases, details of individuals under financial stress.

The data belonging to Bennett Currie’s business customers includes financial statements, invoices, loan agreements, and property purchase contracts.

According to the time the files were created, the ransomware attack appears to have taken place over the space of about an hour and a half on 2 September.

Cyber Daily contacted Bennett Currie, but the company has so far declined to respond. There is no notice of the incident on the company’s website at the time of writing.

RansomHub – which operates with several affiliates as a ransomware-as-a-service operation – was particularly active in the ANZ region last month, claiming five Australian victims and one New Zealand-based interior design firm.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.