This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Network Pacific Real Estate

Summary

Network Pacific Real Estate, a leading Victorian property company, was allegedly breached by the Ragnar Locker ransomware gang in October 2023. The attackers posted 30.6 gigabytes of data on 30 September 2023, claiming it contained personal information of employees and customers. Network Pacific did not publicly confirm the breach or publish any advisory on its website.

What Happened

The Ragnar Locker ransomware gang claimed to have breached Network Pacific Real Estate and exfiltrated 30.6 gigabytes of data. The breach was discovered on 2 October 2023 after the attackers published the stolen data on their website on 30 September 2023.

According to the threat actors, they attempted to negotiate with the company to secure payment of a ransom and remediation of security vulnerabilities. The hackers claimed the company was not interested in paying the ransom or addressing the security issues, prompting them to publish the data as a warning to other organisations.

Impact on Individuals

The leaked data reportedly included personal information belonging to Network Pacific employees and customers. According to Network Pacific's privacy policy, the company collects extensive personal data including full contact details, current and desired property information, and from prospective renters, driver's licences, employment information, and income details.

Network Pacific retains such information for a minimum of seven years, suggesting the breach could have exposed historical records spanning multiple years of customer and employee data. The types of information potentially compromised would support identity theft and fraud targeting affected individuals.

Organisational Response

Network Pacific did not confirm the breach, respond to media requests for comment, or publish any advisory on its website. The company's silence left affected employees and customers without official notification or guidance on protective measures.

The lack of public acknowledgement raises questions about whether the incident met the threshold for notification under Australia's Notifiable Data Breaches scheme or whether the company disputed the authenticity of the ransomware gang's claims.

Verification Source: View original statement