You have 0 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
lawyers weekly logo

Powered by MOMENTUMMEDIA

Breaking news and updates daily. Subscribe to our Newsletter
Advertisement

Exclusive: Aussie property developer TOGA listed as ransomware victim on Akira leak site

Hackers claim to have more than 500 gigabytes of data, including customer details, weeks after TOGA Far East (TFE) Hotels group confirmed it was the victim of a damaging cyber attack.

Exclusive: Aussie property developer TOGA listed as ransomware victim on Akira leak site
expand image

The Akira ransomware gang has listed Australian real estate and property developer TOGA on its darknet leak site and is claiming to have stolen more than 530 gigabytes of data.

The hackers listed the company in a 26 March update to their leak site

“We are ready to upload more than 530 GB of essential corporate documents such as: financial data (audits, payment details, reports contact numbers and e-mail addresses of employees and customers, many database files, etc,” an Akira spokesperson said, following a brief description of TOGA taken from market intelligence website Crunchbase.

As usual, Akira has not listed a ransom demand, nor a date of publication for the data.

Akira’s claim comes weeks after the TFE Hotels group, which is a part of TOGA’s property business, confirmed that it was the victim of a cyber incident that had caused significant disruption to its business.

“We are currently investigating a cyber incident affecting our networks,” a group spokesperson said in an updated advisory posted to the TFE Hotels’ website in early March.

“We are working to restore access to all our back-end systems. As a result, some of our systems and interactions may be slower as we restore operations. We thank our valued guests, clients, and partners, suppliers, and our team for their patience,” TFE Hotels said at the time.

While it’s possible the incidents are not linked, the timing suggests that Akira is behind the initial incident. Cyber Daily has approached TOGA for comment but has yet to receive a response.

Akira, like many such gangs, traces its history back to the infamous Conti ransomware operation, which fell apart in 2022 following Russia’s invasion of Ukraine, which caused infighting among its members. Akira was first observed in operation in March 2023 and has claimed 564 victims since then, making it one of the most prolific ransomware-as-a-service outfits operating today.

Akira’s ransoms typically range from US$200,000 to more than US$4 million, and Akira’s last Australian victim was engineering firm Thornton Engineering, which was listed on the gang’s leak site in February 2025.

The TOGA Group, headquartered in Ultimo, Sydney, operates three “integrated businesses” TOGA Development & Construction, TOGA Far East Hotels (TFE), and TOGA Property Investment. The group operates hotels in Australia, New Zealand, and Europe, as well as residential and commercial development & investment.

It also runs TOGA Health, which leverages the group’s “deep expertise in design, development and thoughtful hospitality to develop and operate innovative and healing mental healthcare facilities”.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

You need to be a member to post comments. Become a member for free today!

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.