Regent Caravans

Summary

Regent Caravans, a luxury caravan maker and dealer headquartered in Melbourne's northern suburbs, was hit by a RansomHub ransomware attack that resulted in the theft of 30 gigabytes of data. The attack occurred on 4 August and was detected on 5 August 2024. RansomHub publicly listed the company on its darknet leak site on 17 August and released the stolen data on 20 August.

What Happened

Attackers from the RansomHub ransomware gang breached Regent Caravans' systems and stole approximately 30 gigabytes of data. The stolen data included CAD design files for caravans, ordering details, employee ID card photos, and HR-related information. Upon discovering the breach, Regent Caravans immediately disconnected its server to remove the threat and appointed an external IT consultancy to analyze the incident and strengthen security measures. The company confirmed all backups remained intact, including cloud-stored data.

Impact on Individuals

The breach exposed employee information including ID card photos, HR records, and financial information. Affected employees should monitor for any misuse of their personal information. The breach also exposed proprietary design files and business information that could be used by competitors.

Organisational Response

Regent Caravans acted quickly to disconnect affected systems and engaged external cybersecurity consultants to investigate and remediate the breach. The company did not engage with the ransomware operators or pay any ransom demand. All data backups were confirmed intact, allowing normal business operations to continue.