Engedi
Summary
Engedi, a Mackay-based NDIS disability support provider, was targeted by the Rhysida ransomware gang in August 2024. The attackers published details of the breach on 22 August on their darknet leak site, claiming to have stolen sensitive data including passport scans, identity documents, and credit card information. The ransomware group demanded approximately US$94,000 in Bitcoin.
What Happened
The Rhysida ransomware operation breached Engedi's network and exfiltrated sensitive data including staff identity documents, passport scans, account applications, and credit card details. The gang gave Engedi 6-7 days to pay the ransom before threatening to publish the data. Rhysida posted screenshots and sample documents on their dark web leak site as proof of the breach.
Impact on Individuals
The breach exposed highly sensitive information including passports and credit card details of staff and potentially clients. Affected individuals should:
- Cancel and replace any compromised credit cards immediately
- Check passport status and monitor for fraudulent use
- Place a ban on credit files to prevent unauthorised accounts
- Be alert for phishing attempts targeting NDIS recipients and disability support clients
- Monitor for signs of identity theft
The exposure of disability support client information is particularly concerning as it may affect vulnerable individuals who rely on NDIS services.
Organisational Response
Engedi is a Queensland-based registered NDIS provider operating since 1985, offering group skills programs, therapy support and coordination, NDIS plan management, and individual support. The not-for-profit operates out of two locations in Queensland – Engedi Support Services in Beaconsfield and Engedi Therapy Hub in Mount Pleasant. The organisation worked to address the security incident and notify affected individuals.