This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Strike Bowling (Funlab)

Summary

Between 20-22 September 2024, Funlab, operator of 40 entertainment venues across Australia, NZ, and the US including Strike Bowling, Holey Moley, and Archie Brothers, was attacked by Lynx ransomware (a rebrand of INC Ransomware). The attack compromised employee data from a NAS device including payroll and finance folders but no guest data. Funlab, with 2,000+ employees and recently acquired by TPG Capital, experienced operational disruption across venues. Lynx uses double extortion tactics.

What Happened

Lynx ransomware, first appearing in July 2024, targeted Funlab's NAS device containing employee data in payroll, finance, and backup folders, employing double extortion by encrypting and exfiltrating data.

Impact on Individuals

The breach affected Funlab's 2,000+ employees whose payroll and employment data was compromised. No guest data was impacted.

Organisational Response

Funlab confirmed employee data was compromised but guest data was not affected. The attack disrupted venue operations.

Verification Source: View original statement