All Parks Insurance

Summary

All Parks Insurance, a specialist underwriting agency providing insurance to caravan park owners, was targeted by the Meow ransomware gang in August 2024. Approximately 90 gigabytes of sensitive personal and corporate information was stolen, including policy details, commission records, and tax file number declarations. The breach was discovered on 27 August 2024.

What Happened

The Meow ransomware gang breached All Parks Insurance's systems and exfiltrated approximately 90GB of data. Unlike typical ransomware operations that demand payment from victims, Meow sold the stolen data directly to buyers, offering it to a single buyer for US$20,000 or to multiple buyers for US$10,000. The stolen data included policy details for clients, commission prepayment lists with details of dozens of caravan parks, Greenslip policy information, and tax file number declaration forms.

Impact on Individuals

The breach exposed tax file numbers and personal information of clients and caravan park operators. Tax file numbers are critical identity documents that can be used for identity theft, fraudulent tax returns, and opening accounts in victims' names. Affected individuals should:

• Monitor their myGov accounts for suspicious activity
• Check ATO records for unauthorized tax returns or claims
• Consider placing a ban on their credit file
• Be alert for targeted phishing attempts using stolen information

Organisational Response

All Parks Insurance is a specialized underwriting agency established in 2011 that provides insurance services to holiday parks, campgrounds, villages, boutique accommodation, and resorts Australia-wide. The company discovered the breach and is working to notify affected clients and implement security improvements.