Spotless Group

Spotless Group, a major Australian facilities management and catering company, was hit by a ransomware attack that compromised multiple servers and resulted in permanent data loss during system recovery.

What Happened

Ransomware attackers gained access to Spotless Group's IT infrastructure and encrypted multiple servers. The attack affected the company's ability to manage facilities, coordinate catering services, and maintain normal business operations across its extensive client base including hospitals, schools, and corporate campuses.

Spotless chose not to pay the ransom and instead focused on recovering systems from backups. However, not all data could be recovered, resulting in permanent loss of some business information during the rebuild process.

Impact on Individuals

While primarily affecting business operations, the breach potentially impacted employees and clients whose information was stored on compromised systems. The permanent data loss raised questions about backup adequacy and business continuity planning.

Organisational Response

Spotless worked with cybersecurity specialists to investigate the breach, rebuild affected systems, and implement enhanced security controls. The company acknowledged that some data was permanently lost, highlighting the importance of comprehensive backup strategies and the difficult decisions organisations face when hit by ransomware.