This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Wattle Range Council

Summary

Wattle Range Council in South Australia was targeted by the LockBit ransomware gang in July 2024. The attackers stole 103 gigabytes of data across more than 46,000 files and threatened to publish the information on 4 August unless an unspecified ransom was paid. The NSW Supreme Court granted an injunction on 2 August to restrain third parties from accessing or disseminating the breached data.

What Happened

The LockBit ransomware gang breached Wattle Range Council's IT environment and exfiltrated 103GB of data contained in 46,248 files across more than 7,000 folders. LockBit posted details of the attack on their darknet leak site on 18 July 2024, along with sample images of documents and file structures. The gang set a deadline of 4 August for payment of an unspecified ransom amount. The council believed the stolen information largely relates to files from a legacy server, which primarily contains publicly available information and internal working documents.

Impact on Individuals

The breach exposed council data which may include resident information, internal documents, and communications. Council members and residents whose information was stored on the compromised server should:

  • Be alert for phishing attempts using stolen council information
  • Monitor for any misuse of personal details
  • Be cautious of scammers impersonating council staff
  • Watch for potential identity theft if personal information was included

The council prioritized determining exactly what information was involved and who it relates to in order to notify affected individuals.

Organisational Response

Wattle Range Council confirmed that some data had been accessed and taken from their IT environment. On 2 August 2024, the Supreme Court of NSW granted an injunction restraining third parties from accessing or disseminating any data breached in the LockBit attack. The council worked to determine the full scope of compromised information and identify affected individuals. This incident occurred during a period when LockBit was particularly active, posting details of 13 victims on 19 July 2024 alone.

[[extra.legal]] type = "Court Order" status = "Active" description = "NSW Supreme Court injunction restraining third parties from accessing or disseminating breached data" date = 2024-08-02

Verification Source: View original statement