Hal Leonard Australia
Summary
Hal Leonard Australia, a subsidiary of Hal Leonard Corporation specializing in print music sales, was targeted by the Qilin ransomware gang in January 2024. The gang posted their initial ransom demand on 8 January and subsequently published 37.6 gigabytes of company data after a week-long deadline expired. The stolen data included employee lists with email addresses, financial documentation, credit details, debt notices, and banking summaries.
What Happened
The Qilin ransomware gang breached Hal Leonard Australia's systems and exfiltrated approximately 37.6 GB of sensitive corporate data. On 8 January 2024, Qilin posted a ransom demand on their darknet site, giving the company one week to pay an undisclosed amount. According to the gang's message, they captured "private contracts, agreements, all financial documentation, projects, email correspondence, and much more." When the ransom was not paid, Qilin published the stolen data to the dark web.
Impact on Individuals
The breach exposed sensitive employee and business information including:
- Complete employee lists with business and private email addresses
- Reporting manager names and organizational structure
- Credit details with third-party customers
- Banking summaries and financial correspondence
- Debt notices and payment information
Affected employees and business partners should:
- Monitor for targeted phishing using stolen email addresses
- Be alert for business email compromise attempts
- Watch for scams exploiting knowledge of business relationships
- Check for any unauthorized use of banking or credit information
- Be cautious of communications appearing to come from Hal Leonard
Organisational Response
Hal Leonard Australia is a subsidiary of Hal Leonard Corporation, the world's largest print music publisher, specializing in sheet music from well-known artists including The Beatles, Miles Davis, Diana Krall, Justin Timberlake, and Stevie Wonder. The Qilin ransomware group employs double extortion: it encrypts victims' data while also exfiltrating it, then demands payment both for a decryptor and for non-disclosure of the stolen information, even after a ransom has been paid.