BSG Australia

Summary

BSG Australia, a supplier of bingo and fundraising supplies for clubs and hospitality venues, was listed on the RansomHub ransomware gang's darknet leak site on 9 September 2024. The attackers claimed to have exfiltrated 79 gigabytes of data and set a ransom deadline of 24 September. RansomHub shared three stolen documents as proof of the breach.

What Happened

The RansomHub ransomware gang breached BSG Australia's systems, with the estimated attack date being 31 August 2024. The attackers exfiltrated approximately 79GB of data before the breach was discovered on 9 September. RansomHub operates as a ransomware-as-a-service operation, hiring out its infrastructure and malware to criminal affiliates. The gang posted details of the breach on their leak site along with sample stolen documents.

Impact on Individuals

The breach exposed business data including customer and supplier information. Clubs, organizations, and hospitality venues that purchase fundraising supplies from BSG may have had their business contact information and order details compromised. Affected organizations should:

• Be alert for phishing emails appearing to come from BSG
• Verify any unusual requests or communications with BSG through known contact channels
• Monitor for business email compromise attempts
• Watch for scam attempts targeting club treasurers and fundraising coordinators

Organisational Response

BSG Australia supplies bingo equipment, fundraising supplies, promotional materials, and printing services to clubs and hospitality venues across Australia. The company was given until 24 September to respond to the ransom demand. This incident was part of a significant wave of RansomHub activity in September 2024, with the gang claiming 66 victims globally that month, including multiple Australian organizations.