This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Yakult Australia

Summary

Yakult Australia, a probiotic company based in Dandenong, Melbourne, was targeted by the DragonForce ransomware group in December 2023. The company first became aware of the cyber incident on 15 December 2023, with attackers publishing 95GB of sensitive employee data on the dark web on Christmas Day after ransom demands were not met. The leaked data included employee passports, driver's licences, medical assessments, salaries, and performance reviews.

What Happened

Yakult Australia first became aware of a cyber incident on the morning of 15 December 2023. The DragonForce ransomware group listed the company as one of its victims just five days later. The attack escalated on 23 December when staff discovered they were locked out of their computers, with screens displaying messages reading "YOU HAVE BEEN PWND".

The hackers threatened to publish more files if Yakult Australia did not pay a ransom. When the company did not comply, the stolen cache of 95GB of data was published to the dark web on Christmas Day morning.

Impact on Individuals

The breach exposed highly sensitive employee information including passports, driver's licences, medical evaluations, certificates, salaries, and performance appraisals. The data also encompassed company documents, contracts, and credit applications.

The exposure of such comprehensive employee data creates significant risks for affected individuals, including identity theft, financial fraud, and privacy violations. Medical assessments and salary information are particularly sensitive, with potential for misuse or embarrassment.

Organisational Response

Yakult Australia notified multiple regulatory authorities including the Australian Cyber Security Centre, the New Zealand National Cyber Security Centre, the Office of the Australian Information Commissioner, and the Office of the Privacy Commissioner New Zealand.

The company engaged cybersecurity experts to investigate the incident and assess the full scope of the data breach. The timing of the attack, occurring just before Christmas and escalating on 23 December, created additional challenges for the organisation's incident response efforts.

Verification Source: View original statement