This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Insula Group

Summary

Insula Group, a Victoria-based IT services and software solutions company, was targeted by the BianLian ransomware gang in a data breach confined to its corporate network on 25 June 2024. The attackers stole 400 gigabytes of data including internal documents, client information, project data, and source code. Insula refused to pay the ransom demand and reported the incident to authorities.

What Happened

The BianLian ransomware gang breached Insula Group's corporate network and exfiltrated 400GB of sensitive data. The stolen information included internal documents, client details, project and construction data, user folder contents, file server data, and company source code. The breach also exposed staff and customer names, contact details, and physical addresses. Insula immediately contained, isolated, and removed the threats from their network upon detection.

Impact on Individuals

The breach exposed names, email addresses, phone numbers, and physical addresses of both staff and customers. Affected individuals should:

  • Be alert for phishing emails or calls using stolen contact information
  • Monitor for potential identity theft attempts using the combination of personal details
  • Watch for scammers impersonating Insula or its clients
  • Be cautious of business email compromise attempts if they work with Insula

The exposure of client information could enable targeted attacks on Insula's customers in the residential construction and finance broking sectors.

Organisational Response

Insula Group took a firm stance by refusing to pay the ransom demanded by the attackers. The company immediately reported the incident to the Office of the Australian Information Commissioner (OAIC), Australian Cyber Security Centre (ACSC), and Victoria Police's cyber crime unit. Insula is an Australian-owned company specializing in IT services and software solutions, particularly within the residential construction and finance broking sectors. The company stated that threats were immediately contained, isolated, and removed from the network, and systems were secured and made operational.

Verification Source: View original statement