Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Threat actors allegedly leak sensitive data of Australian aged-care firm

Threat actors have allegedly exfiltrated data from Tasmanian aged-care organisation Respect and are claiming to have published it on the dark web.

user icon Daniel Croft
Tue, 01 Oct 2024
Threat actors allegedly leak sensitive data of Australian aged care firm
expand image

The threat actor, ThreeAM, listed Respect under its former name, Masonic Care Tasmania (MCTas), and uploaded 15 different .rar files containing data, as well as a .txt file outlining the files stolen.

According to that file, the listing contains 313,993 files, totalling over 198 gigabytes worth of data.

Data allegedly includes passports, credit reports, résumés, medical certificates, emails, Centrelink files, photos and many more files containing personal details.

============
============

It is unclear whether or not ThreeAM has reached out to Respect regarding collecting a ransom for the data; however, data has been published. Cyber Daily has not been able to verify the legitimacy of the data.

At this stage, Respect has not released a statement regarding the incident. Cyber Daily has reached out to the company for comment and is awaiting a response.

ThreeAM (also referred to as 3AM) first appeared in February 2023, according to reports, and is best known as a result of being deployed by a threat actor following a failed deployment of LockBit ransomware back in September 2023.

The group, like most ransomware gangs, has a standardised ransom note that claims it has “no goal to destroy your business” but has stolen and encrypted large amounts of data.

“All your files are mysteriously encrypted, and the systems ‘show no signs of life’, the backups disappeared,” the group said.

“But we can correct this very quickly and return all your files and operation of the systems to original state.

“All your attempts to restore data by himself [sic] will definitely lead to their damage and the impossibility of recovery.

“There is another important point: we stole a fairly large amount of sensitive data from your local network … financial documents, personal information of your employees, customers, partners, work documentation, postal correspondence and much more.”

ThreeAM’s alleged cyber attack on Respect comes only a week after the Rhysida ransomware gang claimed an attack on Daughterly Care, another Australian aged-care agency.

The company was listed on the Rhysida ransomware dark web blog for a seven-day auction but has since sold data and claims to have uploaded 25 per cent of what it stole.

“Not sold data was uploaded, data hunters, enjoy,” said the group.

Rhysida listed the data for 10 bitcoins (roughly A$930,000). At the time of writing, the auction has just over five days left.

Cyber Daily reached out to Daughterly Care for a statement on the incident, but it was unable to provide one at the time.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.