Share this article on:
Passports, driver’s licences, and other personal data have already been published as cyber criminals claim to have stolen nearly a terabyte of data.
The McMahons Point-headquartered Compass Group has confirmed it has fallen victim to a significant ransomware attack after the Medusa ransomware gang listed it as a victim on its darknet leak site overnight.
Medusa said little about the attack, but it has claimed to have stolen 785.5 gigabytes of data and is threatening to publish it within eight days.
Medusa is demanding US$2 million to delete the data, or the same amount for anyone to purchase it. The ransom deadline can also be extended by one day for US$100,000.
But while Medusa has not said much, it has shared several documents allegedly stolen during the attack, which include wage declarations belonging to Compass Group employees and several scans of international passports and driver’s licences, possibly belonging to contractors to the company. Various other internal documents were also published.
A spokesperson for the company said the malicious intrusion was discovered earlier this month.
“Compass Group Australia became aware of unauthorised activity in part of our IT network on 4 September,” the spokesperson told Cyber Daily.
“We immediately activated our incident response plan. Third-party forensic experts were engaged, and the affected systems were proactively disabled to remove the threat.
“During our investigations, we became aware that some data had been taken from our systems by the unauthorised third party. We are continuing to work closely with our forensic experts to verify what information was compromised as a result of this incident. “
Compass Group said that real-time threat monitoring is in place, no further malicious activity has been detected, and the company has notified its staff and other stakeholders.
“Employees, clients and suppliers have been notified of the incident, and we continue to provide regular updates to them,” the spokesperson said.
“We have also provided guidance to any employees who have concerns about the security of their personal information.”
Compass Group has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, which are continuing to assist the company.
“Compass Group Australia apologises for any concerns this incident has raised for our employees, customers and suppliers,” the company’s spokesperson said.
The Compass Group is a wholly owned subsidiary of the UK-based Compass Group, and according to the Australian company’s website, it is “Australia’s largest food and support services company”.
The company employs 13,000 people and provides food services to companies in the education, mining, and defence sectors, as well as to hospitals and aged-care facilities.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.