auDA Third-Party Breach
Summary
In August 2023, the NoEscape ransomware gang claimed to have stolen 15GB of data from auDA (.au Domain Administration Limited), the administrator of Australia's .au domain namespace. After investigating, auDA determined that its own systems had not been breached: the data came from an Australian sole trader, a .au registrant, whose server was compromised on 10 August 2023.
What Happened
On 11 August 2023, the NoEscape ransomware group posted claims that they had breached auDA and stolen sensitive data. When auDA became aware of the claims on 18 August 2023, the organisation initially found no evidence of a breach of its systems.
On 20 August 2023, after the threat actor released a limited sample as proof of the attack, auDA confirmed that the compromised data had not come from its systems. The source was an Australian sole trader holding a .au domain name whose server had been subject to a malware attack on 10 August 2023. The files shown in the criminals' screenshots were not stored on any auDA system, which is what allowed auDA to rule itself out as the source.
Impact on Individuals
The NoEscape ransomware group claimed to possess sensitive material including powers of attorney, sealed legal documents, passports, personal data, and medical reports. This information belonged to clients of the compromised sole trader, not to auDA or to .au registrants generally.
The incident illustrates a third-party exposure pattern in the domain registration ecosystem: a single registrant's server can hold sensitive client records, and an attacker who compromises that registrant can present the theft as a breach of the far larger and better-known registry. The practical check for the implicated organisation is the one auDA applied: compare the actor's proof sample against the organisation's own data holdings before accepting or denying the claim.
Organisational Response
auDA informed the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Department of Home Affairs about the incident. The organisation conducted a thorough investigation to determine the true source of the compromised data and publicly clarified that its own systems had not been breached.
auDA's initial statement that it had found no evidence of a breach, followed by confirmation that the exposure was limited to a third party, shows how difficult ransomware leak-site claims are to assess. The claim named auDA, but the evidence that settled the question was the actor's own proof sample, which matched none of auDA's systems. Thorough forensic verification of that kind, before public statements either way, is what keeps an organisation from denying a real breach or accepting responsibility for someone else's.