This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Nikpol

Summary

Nikpol, a Melbourne-based interior solutions supplier to the renovation, RV, and building industries, was targeted by the RansomHub ransomware gang. The gang listed the company on its darknet leak site on 18 September 2024 and published 6 gigabytes of stolen data on 25 September after the seven-day ransom deadline expired. The breach exposed highly sensitive employee data including tax file numbers, home addresses, and salary information.

What Happened

RansomHub affiliates breached Nikpol's systems and exfiltrated approximately 6GB of sensitive corporate and employee data. The gang listed the company on their darknet site on 18 September with a seven-day payment deadline, though no specific ransom amount was disclosed. When payment was not received, RansomHub published the stolen data on 25 September. The breach exposed financial records, bank account details, employee tax information, and contracts with other Australian organizations.

Impact on Individuals

The breach exposed highly sensitive employee information including:

  • Tax file numbers
  • Home addresses
  • Salaries and superannuation payments
  • Salary sacrifice arrangements
  • Child support details
  • PAYG annual statements

Affected employees should immediately:

  • Monitor their myGov accounts for suspicious activity
  • Check with the ATO for unauthorized tax returns or changes
  • Place a ban on their credit file to prevent identity theft
  • Monitor bank accounts and superannuation for unauthorized changes
  • Be alert for highly targeted phishing using personal financial information

Tax file numbers are critical identity documents that can be used for serious financial fraud and identity theft.

Organisational Response

Nikpol is a 100% Australian-owned company supplying hardware, decorative surfaces, and appliances to the renovation, RV, and building industries. With offices in Melbourne and Brisbane and more than 140 employees, the company serves contractors and businesses across Australia. The published data also included contracts with several other Australian organizations, including a Melbourne-based immigration law firm, potentially affecting Nikpol's business partners and clients.

Verification Source: View original statement