Ainsworth Game Technology

Summary

On 10 December 2024, the Medusa ransomware group listed Ainsworth Game Technology, an Australian manufacturer of gaming machines and software with global operations, on its leak site claiming to have stolen 852.4 gigabytes of data. The attackers demanded $1.2 million USD and set a deadline of 24 December 2024, threatening to release the stolen data if payment was not received. The compromised data included employee passports, tax file numbers, bank account details, and confidential business information from Ainsworth's operations across Australia, New Zealand, Asia, the United States, and Europe.

What Happened

Ainsworth Game Technology Limited, founded in 1995 and headquartered in Newington, NSW, manufactures and supplies gaming machines and software to casinos and gaming venues globally. The Medusa ransomware operation gained unauthorized access to Ainsworth's systems and exfiltrated 852.4 gigabytes of sensitive data before listing the company on its dark web leak site on 10 December 2024.

Medusa provided sample data demonstrating the breach's scope, including employee personal information such as names, dates of birth, email addresses, bank account numbers, tax identification numbers, passport details, and payment cards. The stolen data represented Ainsworth's global operations, with a significant portion relating to Australian employees and business operations.

The attackers set a ransom demand of $1.2 million USD and established a strict deadline of 24 December 2024—Christmas Eve—for payment, after which they threatened to publicly release all stolen data. Medusa's leak site displayed a countdown timer creating pressure on Ainsworth to meet the extortion demands.

Medusa ransomware is a sophisticated criminal operation known for double extortion tactics, encrypting victim systems while simultaneously exfiltrating data to use as leverage. The group has been particularly active targeting Australian businesses throughout 2024, with multiple high-profile attacks on companies across various sectors.

Impact on Individuals

The breach affected Ainsworth Game Technology employees across the company's global operations, particularly those in Australia where a significant portion of the data originated. The exact number of impacted individuals was not disclosed.

The compromised data created severe risks for affected employees:

• Identity theft: The combination of passports, tax file numbers, bank account details, dates of birth, and names provided complete identity theft kits
• Financial fraud: Bank account numbers and payment card details enabled direct financial attacks
• Tax fraud: Exposure of tax file numbers created risks of fraudulent tax returns or government benefit claims
• International identity misuse: Passport details could be used for cross-border identity fraud

The exposure of comprehensive employee data from a multinational gaming technology company created risks not only for individual employees but also for Ainsworth's competitive position, as confidential business information was compromised alongside personal data.

Organisational Response

Ainsworth Game Technology did not issue a public statement acknowledging the breach when Medusa listed the company on its leak site. The company did not respond to media inquiries seeking comment on the incident, leaving employees and stakeholders without official information about the breach scope, protective measures, or whether the company intended to pay the ransom demand.

The lack of public communication as the 24 December deadline approached created uncertainty for affected employees about whether their data would be publicly released and what steps they should take to protect themselves from identity theft and financial fraud.